From 5c4498813e10d25160a86f97fe7a95ea26f9ef7b Mon Sep 17 00:00:00 2001 From: sebdet Date: Wed, 13 Jan 2021 11:35:56 +0100 Subject: [POLICY] Migration of clamp to policy area Creation of the clamp subcharts + fusion of the clamp database to policy mariadb Issue-ID: POLICY-2951 Signed-off-by: sebdet Change-Id: I8192f82bc393e3fc8d5884d6ab73912a0466edcd Signed-off-by: sebdet --- kubernetes/clamp/.helmignore | 1 - kubernetes/clamp/Chart.yaml | 19 -- kubernetes/clamp/Makefile | 56 ----- kubernetes/clamp/components/Makefile | 51 ---- .../clamp/components/clamp-backend/Chart.yaml | 19 -- .../components/clamp-backend/requirements.yaml | 22 -- .../resources/config/application.properties | 71 ------ .../resources/config/log/filebeat/filebeat.yml | 55 ---- .../resources/config/sdc-controllers-config.json | 18 -- .../components/clamp-backend/templates/NOTES.txt | 32 --- .../clamp-backend/templates/configmap.yaml | 31 --- .../clamp-backend/templates/deployment.yaml | 128 ---------- .../clamp-backend/templates/secrets.yaml | 18 -- .../clamp-backend/templates/service.yaml | 42 ---- .../clamp/components/clamp-backend/values.yaml | 151 ----------- .../clamp/components/clamp-dash-es/Chart.yaml | 19 -- .../components/clamp-dash-es/requirements.yaml | 25 -- .../resources/config/elasticsearch.yml | 138 ---------- .../clamp-dash-es/templates/configmap.yaml | 29 --- .../clamp-dash-es/templates/deployment.yaml | 138 ---------- .../components/clamp-dash-es/templates/pv.yaml | 39 --- .../components/clamp-dash-es/templates/pvc.yaml | 38 --- .../clamp-dash-es/templates/service.yaml | 70 ------ .../clamp/components/clamp-dash-es/values.yaml | 163 ------------ .../clamp/components/clamp-dash-kibana/Chart.yaml | 19 -- .../components/clamp-dash-kibana/requirements.yaml | 25 -- .../clamp-dash-kibana/resources/config/kibana.yml | 41 --- .../clamp-dash-kibana/templates/configmap.yaml | 38 --- .../clamp-dash-kibana/templates/deployment.yaml | 107 -------- .../clamp-dash-kibana/templates/ingress.yaml | 16 -- .../clamp-dash-kibana/templates/service.yaml | 43 ---- .../clamp/components/clamp-dash-kibana/values.yaml | 152 ----------- .../components/clamp-dash-logstash/Chart.yaml | 19 -- .../clamp-dash-logstash/requirements.yaml | 25 -- .../resources/config/logstash.yml | 26 -- .../resources/config/pipeline.conf | 277 --------------------- .../clamp-dash-logstash/templates/configmap.yaml | 29 --- .../clamp-dash-logstash/templates/deployment.yaml | 130 ---------- .../clamp-dash-logstash/templates/service.yaml | 43 ---- .../components/clamp-dash-logstash/values.yaml | 152 ----------- .../clamp/components/clamp-mariadb/Chart.yaml | 19 -- .../clamp/components/clamp-mariadb/NOTES.txt | 32 --- .../components/clamp-mariadb/requirements.yaml | 21 -- .../resources/config/init/docker-entrypoint.sh | 198 --------------- .../resources/config/mariadb/conf.d/conf1/my.cnf | 209 ---------------- .../docker-entrypoint-initdb.d/create-tables.sql | 257 ------------------- .../components/clamp-mariadb/templates/NOTES.txt | 32 --- .../clamp-mariadb/templates/configmap.yaml | 57 ----- .../clamp-mariadb/templates/deployment.yaml | 113 --------- .../components/clamp-mariadb/templates/pv.yaml | 41 --- .../components/clamp-mariadb/templates/pvc.yaml | 40 --- .../clamp-mariadb/templates/secrets.yaml | 18 -- .../clamp-mariadb/templates/service.yaml | 41 --- .../clamp/components/clamp-mariadb/values.yaml | 130 ---------- kubernetes/clamp/requirements.yaml | 37 --- kubernetes/clamp/resources/config/default.conf | 31 --- .../resources/config/log/filebeat/filebeat.yml | 55 ---- kubernetes/clamp/templates/NOTES.txt | 32 --- kubernetes/clamp/templates/configmap.yaml | 31 --- kubernetes/clamp/templates/deployment.yaml | 105 -------- kubernetes/clamp/templates/ingress.yaml | 1 - kubernetes/clamp/templates/secrets.yaml | 18 -- kubernetes/clamp/templates/service.yaml | 69 ----- kubernetes/clamp/values.yaml | 183 -------------- kubernetes/onap/requirements.yaml | 4 - .../policy/components/policy-clamp-be/Chart.yaml | 19 ++ .../components/policy-clamp-be/requirements.yaml | 22 ++ .../resources/config/application.properties | 71 ++++++ .../resources/config/create-db-tables.sh | 19 ++ .../resources/config/log/filebeat/filebeat.yml | 55 ++++ .../config/policy-clamp-create-tables.sql | 257 +++++++++++++++++++ .../resources/config/sdc-controllers-config.json | 18 ++ .../components/policy-clamp-be/templates/NOTES.txt | 32 +++ .../policy-clamp-be/templates/configmap.yaml | 31 +++ .../policy-clamp-be/templates/deployment.yaml | 126 ++++++++++ .../components/policy-clamp-be/templates/job.yaml | 84 +++++++ .../policy-clamp-be/templates/secrets.yaml | 18 ++ .../policy-clamp-be/templates/service.yaml | 42 ++++ .../policy/components/policy-clamp-be/values.yaml | 154 ++++++++++++ .../policy/components/policy-clamp-fe/Chart.yaml | 19 ++ .../components/policy-clamp-fe/requirements.yaml | 22 ++ .../policy-clamp-fe/resources/config/default.conf | 31 +++ .../resources/config/log/filebeat/filebeat.yml | 55 ++++ .../components/policy-clamp-fe/templates/NOTES.txt | 32 +++ .../policy-clamp-fe/templates/configmap.yaml | 31 +++ .../policy-clamp-fe/templates/deployment.yaml | 105 ++++++++ .../policy-clamp-fe/templates/ingress.yaml | 1 + .../policy-clamp-fe/templates/secrets.yaml | 18 ++ .../policy-clamp-fe/templates/service.yaml | 43 ++++ .../policy/components/policy-clamp-fe/values.yaml | 150 +++++++++++ kubernetes/policy/requirements.yaml | 8 + kubernetes/policy/resources/config/db.sh | 2 +- kubernetes/policy/values.yaml | 5 + .../config/eteshare/config/robot_properties.py | 4 +- 94 files changed, 1471 insertions(+), 4292 deletions(-) delete mode 100644 kubernetes/clamp/.helmignore delete mode 100644 kubernetes/clamp/Chart.yaml delete mode 100644 kubernetes/clamp/Makefile delete mode 100644 kubernetes/clamp/components/Makefile delete mode 100644 kubernetes/clamp/components/clamp-backend/Chart.yaml delete mode 100644 kubernetes/clamp/components/clamp-backend/requirements.yaml delete mode 100644 kubernetes/clamp/components/clamp-backend/resources/config/application.properties delete mode 100644 kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml delete mode 100644 kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json delete mode 100644 kubernetes/clamp/components/clamp-backend/templates/NOTES.txt delete mode 100644 kubernetes/clamp/components/clamp-backend/templates/configmap.yaml delete mode 100644 kubernetes/clamp/components/clamp-backend/templates/deployment.yaml delete mode 100644 kubernetes/clamp/components/clamp-backend/templates/secrets.yaml delete mode 100644 kubernetes/clamp/components/clamp-backend/templates/service.yaml delete mode 100644 kubernetes/clamp/components/clamp-backend/values.yaml delete mode 100644 kubernetes/clamp/components/clamp-dash-es/Chart.yaml delete mode 100644 kubernetes/clamp/components/clamp-dash-es/requirements.yaml delete mode 100644 kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml delete mode 100644 kubernetes/clamp/components/clamp-dash-es/templates/configmap.yaml delete mode 100644 kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml delete mode 100644 kubernetes/clamp/components/clamp-dash-es/templates/pv.yaml delete mode 100644 kubernetes/clamp/components/clamp-dash-es/templates/pvc.yaml delete mode 100644 kubernetes/clamp/components/clamp-dash-es/templates/service.yaml delete mode 100644 kubernetes/clamp/components/clamp-dash-es/values.yaml delete mode 100644 kubernetes/clamp/components/clamp-dash-kibana/Chart.yaml delete mode 100644 kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml delete mode 100644 kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml delete mode 100644 kubernetes/clamp/components/clamp-dash-kibana/templates/configmap.yaml delete mode 100644 kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml delete mode 100644 kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml delete mode 100644 kubernetes/clamp/components/clamp-dash-kibana/templates/service.yaml delete mode 100644 kubernetes/clamp/components/clamp-dash-kibana/values.yaml delete mode 100644 kubernetes/clamp/components/clamp-dash-logstash/Chart.yaml delete mode 100644 kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml delete mode 100644 kubernetes/clamp/components/clamp-dash-logstash/resources/config/logstash.yml delete mode 100644 kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf delete mode 100644 kubernetes/clamp/components/clamp-dash-logstash/templates/configmap.yaml delete mode 100644 kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml delete mode 100644 kubernetes/clamp/components/clamp-dash-logstash/templates/service.yaml delete mode 100644 kubernetes/clamp/components/clamp-dash-logstash/values.yaml delete mode 100644 kubernetes/clamp/components/clamp-mariadb/Chart.yaml delete mode 100644 kubernetes/clamp/components/clamp-mariadb/NOTES.txt delete mode 100644 kubernetes/clamp/components/clamp-mariadb/requirements.yaml delete mode 100755 kubernetes/clamp/components/clamp-mariadb/resources/config/init/docker-entrypoint.sh delete mode 100644 kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/conf.d/conf1/my.cnf delete mode 100644 kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql delete mode 100644 kubernetes/clamp/components/clamp-mariadb/templates/NOTES.txt delete mode 100644 kubernetes/clamp/components/clamp-mariadb/templates/configmap.yaml delete mode 100644 kubernetes/clamp/components/clamp-mariadb/templates/deployment.yaml delete mode 100644 kubernetes/clamp/components/clamp-mariadb/templates/pv.yaml delete mode 100644 kubernetes/clamp/components/clamp-mariadb/templates/pvc.yaml delete mode 100644 kubernetes/clamp/components/clamp-mariadb/templates/secrets.yaml delete mode 100644 kubernetes/clamp/components/clamp-mariadb/templates/service.yaml delete mode 100644 kubernetes/clamp/components/clamp-mariadb/values.yaml delete mode 100644 kubernetes/clamp/requirements.yaml delete mode 100644 kubernetes/clamp/resources/config/default.conf delete mode 100644 kubernetes/clamp/resources/config/log/filebeat/filebeat.yml delete mode 100644 kubernetes/clamp/templates/NOTES.txt delete mode 100644 kubernetes/clamp/templates/configmap.yaml delete mode 100644 kubernetes/clamp/templates/deployment.yaml delete mode 100644 kubernetes/clamp/templates/ingress.yaml delete mode 100644 kubernetes/clamp/templates/secrets.yaml delete mode 100644 kubernetes/clamp/templates/service.yaml delete mode 100644 kubernetes/clamp/values.yaml create mode 100644 kubernetes/policy/components/policy-clamp-be/Chart.yaml create mode 100644 kubernetes/policy/components/policy-clamp-be/requirements.yaml create mode 100644 kubernetes/policy/components/policy-clamp-be/resources/config/application.properties create mode 100755 kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh create mode 100644 kubernetes/policy/components/policy-clamp-be/resources/config/log/filebeat/filebeat.yml create mode 100644 kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql create mode 100644 kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json create mode 100644 kubernetes/policy/components/policy-clamp-be/templates/NOTES.txt create mode 100644 kubernetes/policy/components/policy-clamp-be/templates/configmap.yaml create mode 100644 kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml create mode 100755 kubernetes/policy/components/policy-clamp-be/templates/job.yaml create mode 100644 kubernetes/policy/components/policy-clamp-be/templates/secrets.yaml create mode 100644 kubernetes/policy/components/policy-clamp-be/templates/service.yaml create mode 100644 kubernetes/policy/components/policy-clamp-be/values.yaml create mode 100644 kubernetes/policy/components/policy-clamp-fe/Chart.yaml create mode 100644 kubernetes/policy/components/policy-clamp-fe/requirements.yaml create mode 100644 kubernetes/policy/components/policy-clamp-fe/resources/config/default.conf create mode 100644 kubernetes/policy/components/policy-clamp-fe/resources/config/log/filebeat/filebeat.yml create mode 100644 kubernetes/policy/components/policy-clamp-fe/templates/NOTES.txt create mode 100644 kubernetes/policy/components/policy-clamp-fe/templates/configmap.yaml create mode 100644 kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml create mode 100644 kubernetes/policy/components/policy-clamp-fe/templates/ingress.yaml create mode 100644 kubernetes/policy/components/policy-clamp-fe/templates/secrets.yaml create mode 100644 kubernetes/policy/components/policy-clamp-fe/templates/service.yaml create mode 100644 kubernetes/policy/components/policy-clamp-fe/values.yaml diff --git a/kubernetes/clamp/.helmignore b/kubernetes/clamp/.helmignore deleted file mode 100644 index 68ffb32406..0000000000 --- a/kubernetes/clamp/.helmignore +++ /dev/null @@ -1 +0,0 @@ -components/ diff --git a/kubernetes/clamp/Chart.yaml b/kubernetes/clamp/Chart.yaml deleted file mode 100644 index e9f2197ea1..0000000000 --- a/kubernetes/clamp/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Clamp -name: clamp -version: 7.0.0 diff --git a/kubernetes/clamp/Makefile b/kubernetes/clamp/Makefile deleted file mode 100644 index 89b2f465ec..0000000000 --- a/kubernetes/clamp/Makefile +++ /dev/null @@ -1,56 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../dist -PACKAGE_DIR := $(OUTPUT_DIR)/packages -SECRET_DIR := $(OUTPUT_DIR)/secrets - -EXCLUDES := dist resources templates charts docker -HELM_BIN := helm -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) -HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") - -.PHONY: $(EXCLUDES) $(HELM_CHARTS) - -all: $(HELM_CHARTS) - -$(HELM_CHARTS): - @echo "\n[$@]" - @make package-$@ - -make-%: - @if [ -f $*/Makefile ]; then make -C $*; fi - -dep-%: make-% - @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi - -lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi - -package-%: lint-% - @mkdir -p $(PACKAGE_DIR) -ifeq "$(findstring v3,$(HELM_VER))" "v3" - @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) push -f $$PACKAGE_NAME local; fi -else - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi -endif - @$(HELM_BIN) repo index $(PACKAGE_DIR) - -clean: - @rm -f */requirements.lock - @rm -f *tgz */charts/*tgz - @rm -rf $(PACKAGE_DIR) -%: - @: diff --git a/kubernetes/clamp/components/Makefile b/kubernetes/clamp/components/Makefile deleted file mode 100644 index bf267b7720..0000000000 --- a/kubernetes/clamp/components/Makefile +++ /dev/null @@ -1,51 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) -OUTPUT_DIR := $(ROOT_DIR)/../../dist -PACKAGE_DIR := $(OUTPUT_DIR)/packages -SECRET_DIR := $(OUTPUT_DIR)/secrets - -EXCLUDES := -HELM_BIN := helm -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) - -.PHONY: $(EXCLUDES) $(HELM_CHARTS) - -all: $(HELM_CHARTS) - -$(HELM_CHARTS): - @echo "\n[$@]" - @make package-$@ - -make-%: - @if [ -f $*/Makefile ]; then make -C $*; fi - -dep-%: make-% - @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi - -lint-%: dep-% - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi - -package-%: lint-% - @mkdir -p $(PACKAGE_DIR) - @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi - @$(HELM_BIN) repo index $(PACKAGE_DIR) - -clean: - @rm -f */requirements.lock - @rm -f *tgz */charts/*tgz - @rm -rf $(PACKAGE_DIR) -%: - @: diff --git a/kubernetes/clamp/components/clamp-backend/Chart.yaml b/kubernetes/clamp/components/clamp-backend/Chart.yaml deleted file mode 100644 index c9aa635ab5..0000000000 --- a/kubernetes/clamp/components/clamp-backend/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Clamp -name: clamp-backend -version: 7.0.0 diff --git a/kubernetes/clamp/components/clamp-backend/requirements.yaml b/kubernetes/clamp/components/clamp-backend/requirements.yaml deleted file mode 100644 index 734166b43d..0000000000 --- a/kubernetes/clamp/components/clamp-backend/requirements.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: certInitializer - version: ~7.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~7.x-0 - repository: '@local' \ No newline at end of file diff --git a/kubernetes/clamp/components/clamp-backend/resources/config/application.properties b/kubernetes/clamp/components/clamp-backend/resources/config/application.properties deleted file mode 100644 index 8dd0fc796a..0000000000 --- a/kubernetes/clamp/components/clamp-backend/resources/config/application.properties +++ /dev/null @@ -1,71 +0,0 @@ -{{/* -### -# ============LICENSE_START======================================================= -# ONAP CLAMP -# ================================================================================ -# Copyright (C) 2017-2019 AT&T Intellectual Property. All rights -# reserved. -# ================================================================================ -# Modifications copyright (c) 2019 Nokia -# ================================================================================\ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END============================================ -# =================================================================== -# -### -*/}} -{{- if .Values.global.aafEnabled }} -server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} -server.ssl.key-store-password=${cadi_keystore_password_p12} -server.ssl.key-password=${cadi_key_password} -server.ssl.key-store-type=PKCS12 -server.ssl.key-alias={{ .Values.certInitializer.fqi }} - -# The key file used to decode the key store and trust store password -# If not defined, the key store and trust store password will not be decrypted -clamp.config.keyFile=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keyFile }} - -## Config part for Client certificates -server.ssl.client-auth=want -server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} -server.ssl.trust-store-password=${cadi_truststore_password} -{{- end }} - -#clds datasource connection details -spring.datasource.username=${MYSQL_USER} -spring.datasource.password=${MYSQL_PASSWORD} -spring.datasource.url=jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3 -spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,default-dictionary-elements - -#The log folder that will be used in logback.xml file -clamp.config.files.sdcController=file:/opt/clamp/sdc-controllers-config.json - -# -# Configuration Settings for Policy Engine Components -clamp.config.policy.api.url=https4://policy-api.{{ include "common.namespace" . }}:6969 -clamp.config.policy.api.userName=healthcheck -clamp.config.policy.api.password=zb!XztG34 -clamp.config.policy.pap.url=https4://policy-pap.{{ include "common.namespace" . }}:6969 -clamp.config.policy.pap.userName=healthcheck -clamp.config.policy.pap.password=zb!XztG34 - -#DCAE Inventory Url Properties -clamp.config.dcae.inventory.url=https4://inventory.{{ include "common.namespace" . }}:8080 -clamp.config.dcae.dispatcher.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443 -#DCAE Deployment Url Properties -clamp.config.dcae.deployment.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443 -clamp.config.dcae.deployment.userName=none -clamp.config.dcae.deployment.password=none - -#AAF related parameters -clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095 diff --git a/kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml b/kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml deleted file mode 100644 index 8717e6f33a..0000000000 --- a/kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml +++ /dev/null @@ -1,55 +0,0 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -filebeat.prospectors: -#it is mandatory, in our case it's log -- input_type: log - #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. - paths: - - /var/log/onap/*/*/*/*.log - - /var/log/onap/*/*/*.log - - /var/log/onap/*/*.log - #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive - ignore_older: 48h - # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit - clean_inactive: 96h - -# Name of the registry file. If a relative path is used, it is considered relative to the -# data path. Else full qualified file name. -#filebeat.registry_file: ${path.data}/registry - - -output.logstash: - #List of logstash server ip addresses with port number. - #But, in our case, this will be the loadbalancer IP address. - #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. - hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"] - #If enable will do load balancing among availabe Logstash, automatically. - loadbalance: true - - #The list of root certificates for server verifications. - #If certificate_authorities is empty or not set, the trusted - #certificate authorities of the host system are used. - #ssl.certificate_authorities: $ssl.certificate_authorities - - #The path to the certificate for SSL client authentication. If the certificate is not specified, - #client authentication is not available. - #ssl.certificate: $ssl.certificate - - #The client certificate key used for client authentication. - #ssl.key: $ssl.key - - #The passphrase used to decrypt an encrypted key stored in the configured key file - #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json b/kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json deleted file mode 100644 index 3adda95c11..0000000000 --- a/kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "sdc-connections":{ - "sdc-controller":{ - "user": "clamp", - "consumerGroup": "clamp", - "consumerId": "clamp", - "environmentName": "AUTO", - "sdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443", - "password": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981", - "pollingInterval":30, - "pollingTimeout":30, - "activateServerTLSAuth":"false", - "keyStorePassword":"", - "keyStorePath":"", - "messageBusAddresses":["message-router.{{ include "common.namespace" . }}"] - } - } -} diff --git a/kubernetes/clamp/components/clamp-backend/templates/NOTES.txt b/kubernetes/clamp/components/clamp-backend/templates/NOTES.txt deleted file mode 100644 index e36d6a5bfb..0000000000 --- a/kubernetes/clamp/components/clamp-backend/templates/NOTES.txt +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit https://127.0.0.1:8443 to use your application" - kubectl port-forward $POD_NAME 8443:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/clamp/components/clamp-backend/templates/configmap.yaml b/kubernetes/clamp/components/clamp-backend/templates/configmap.yaml deleted file mode 100644 index 1a5b0ce06a..0000000000 --- a/kubernetes/clamp/components/clamp-backend/templates/configmap.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} - -{{ include "common.log.configMap" . }} diff --git a/kubernetes/clamp/components/clamp-backend/templates/deployment.yaml b/kubernetes/clamp/components/clamp-backend/templates/deployment.yaml deleted file mode 100644 index 9153f9d0ff..0000000000 --- a/kubernetes/clamp/components/clamp-backend/templates/deployment.yaml +++ /dev/null @@ -1,128 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - /app/ready.py - args: - - --container-name - - clamp-mariadb - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness -{{ include "common.certInitializer.initContainer" . | indent 6 }} - containers: - # side car containers - {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} - # main container - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - workingDir: "/opt/clamp/" - args: - - -c - - | - {{- if .Values.global.aafEnabled }} - export $(grep '^cadi_' {{ .Values.certInitializer.credsPath }}/org.onap.clamp.cred.props | xargs -0) - {{- end }} - java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./app.jar - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - - name: logs - mountPath: {{ .Values.log.path }} - - mountPath: /opt/clamp/sdc-controllers-config.json - name: {{ include "common.fullname" . }}-config - subPath: sdc-controllers-config.json - - mountPath: /opt/clamp/application.properties - name: {{ include "common.fullname" . }}-config - subPath: application.properties - env: - - name: MYSQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} - - name: MYSQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} - - name: MYSQL_DATABASE - value: {{ tpl .Values.db.databaseName .}} - {{- if ne "unlimited" (include "common.flavor" .) }} - - name: JAVA_RAM_CONFIGURATION - value: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=75 - {{- end }} - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: {{ toYaml .Values.affinity | nindent 10 }} - {{- end }} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - - name: {{ include "common.fullname" . }}-config - configMap: - name: {{ include "common.fullname" . }} - items: - - key: sdc-controllers-config.json - path: sdc-controllers-config.json - - key: application.properties - path: application.properties - - name: logs - emptyDir: {} - {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/clamp/components/clamp-backend/templates/secrets.yaml b/kubernetes/clamp/components/clamp-backend/templates/secrets.yaml deleted file mode 100644 index 4cf8155f6c..0000000000 --- a/kubernetes/clamp/components/clamp-backend/templates/secrets.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/clamp/components/clamp-backend/templates/service.yaml b/kubernetes/clamp/components/clamp-backend/templates/service.yaml deleted file mode 100644 index c01d36a53d..0000000000 --- a/kubernetes/clamp/components/clamp-backend/templates/service.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/clamp/components/clamp-backend/values.yaml b/kubernetes/clamp/components/clamp-backend/values.yaml deleted file mode 100644 index efd08ba4d0..0000000000 --- a/kubernetes/clamp/components/clamp-backend/values.yaml +++ /dev/null @@ -1,151 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2019 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: # global defaults - nodePortPrefix: 302 - persistence: {} - centralizedLoggingEnabled: true - #AAF service - aafEnabled: true - -################################################################# -# AAF part -################################################################# -certInitializer: - permission_user: 1000 - permission_group: 999 - keystoreFile: 'org.onap.clamp.p12' - truststoreFile: 'org.onap.clamp.trust.jks' - keyFile: 'org.onap.clamp.keyfile' - truststoreFileONAP: 'truststoreONAPall.jks' - nameOverride: clamp-backend-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: clamp - fqi: clamp@clamp.onap.org - public_fqdn: clamp.onap.org - cadi_longitude: '-72.0' - cadi_latitude: '38.0' - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - aaf_add_config: > - /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; - grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_truststore_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_truststore_password.pwd; - grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_key_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_key_password.pwd; - grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_keystore_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_keystore_password.pwd; - grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_keystore_password_p12=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_keystore_password_p12.pwd; - cd {{ .Values.credsPath }}; - chmod a+rx *; - -secrets: - - uid: db-secret - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' - login: '{{ .Values.db.user }}' - password: '{{ .Values.db.password }}' - passwordPolicy: required - -flavor: small - -# application image -image: onap/clamp-backend:5.1.5 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# log configuration -log: - path: /var/log/onap - -################################################################# -# Application configuration defaults. -################################################################# - -#####dummy values for db user and password to pass lint!!!####### - -db: - user: dummyclds - password: dummysidnnd83K - databaseName: dummycldsdb4 - -config: - log: - logstashServiceName: log-ls - logstashPort: 5044 - mysqlPassword: strong_pitchou - dataRootDir: /dockerdata-nfs - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 3 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 3 - -service: - type: ClusterIP - name: clamp-backend - portName: clamp-backend - internalPort: 8443 - externalPort: 443 - -ingress: - enabled: false - -#resources: {} -# We usually recommend not to specify default resources and to leave this as a conscious -# choice for the user. This also increases chances charts run on environments with little -# resources, such as Minikube. If you do want to specify resources, uncomment the following -# lines, adjust them as necessary, and remove the curly braces after 'resources:'. -# -# Example: -# Configure resource requests and limits -# ref: http://kubernetes.io/docs/user-guide/compute-resources/ -# Minimum memory for development is 2 CPU cores and 4GB memory -# Minimum memory for production is 4 CPU cores and 8GB memory -resources: - small: - limits: - cpu: 1 - memory: 1Gi - requests: - cpu: 1m - memory: 1Gi - large: - limits: - cpu: 1 - memory: 3Gi - requests: - cpu: 10m - memory: 3Gi - unlimited: {} diff --git a/kubernetes/clamp/components/clamp-dash-es/Chart.yaml b/kubernetes/clamp/components/clamp-dash-es/Chart.yaml deleted file mode 100644 index c2b8ccb781..0000000000 --- a/kubernetes/clamp/components/clamp-dash-es/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Clamp Dashboard Elasticsearch -name: clamp-dash-es -version: 7.0.0 diff --git a/kubernetes/clamp/components/clamp-dash-es/requirements.yaml b/kubernetes/clamp/components/clamp-dash-es/requirements.yaml deleted file mode 100644 index 22b92c4ef7..0000000000 --- a/kubernetes/clamp/components/clamp-dash-es/requirements.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~7.x-0 - repository: '@local' - - name: certInitializer - version: ~7.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~7.x-0 - repository: '@local' \ No newline at end of file diff --git a/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml deleted file mode 100644 index 9e04d5ae01..0000000000 --- a/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml +++ /dev/null @@ -1,138 +0,0 @@ ---- -# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ======================== Elasticsearch Configuration ========================= -# -# NOTE: Elasticsearch comes with reasonable defaults for most settings. -# Before you set out to tweak and tune the configuration, make sure you -# understand what are you trying to accomplish and the consequences. -# -# The primary way of configuring a node is via this file. This template lists -# the most important settings you may want to configure for a production cluster. -# -# Please consult the documentation for further information on configuration options: -# https://www.elastic.co/guide/en/elasticsearch/reference/index.html -# -# ---------------------------------- Cluster ----------------------------------- -# -# Name of the Elasticsearch cluster. -# A node can only join a cluster when it shares its cluster.name with all the other nodes in the cluster. -# The default name is elasticsearch, but you should change it to an appropriate name which describes the -# purpose of the cluster. -# -## Default Elasticsearch configuration from elasticsearch-docker. -## from https://opendistro.github.io/for-elasticsearch-docs/docs/elasticsearch/configuration/ -# - -cluster.name: "clamp-dashboard" -node.name: "cldash-es-node1" -# ---------------------------------- Network ----------------------------------- -# -# Set the bind address to a specific IP (IPv4 or IPv6): -# In order to communicate and to form a cluster with nodes on other servers, your node will need to bind to a -# non-loopback address. -network.host: 0.0.0.0 -# -# Set a custom port for HTTP: If required, default is 9200-9300 -# -#http.port: $http.port -# -# For more information, consult the network module documentation. -# ----------------------------------- Paths ------------------------------------ -# -# The location of the data files of each index / shard allocated on the node. Can hold multiple locations separated by coma. -# In production, we should not keep this default to "/elasticsearch/data", as on upgrading Elasticsearch, directory structure -# may change & can deal to data loss. -path.data: /usr/share/elasticsearch/data -# -# Elasticsearch's log files location. In production, we should not keep this default to "/elasticsearch/logs", -# as on upgrading Elasticsearch, directory structure may change. -path.logs: /usr/share/elasticsearch/logs -# -# ----------------------------------- Memory ----------------------------------- -# -# It is vitally important to the health of your node that none of the JVM is ever swapped out to disk. -# Lock the memory on startup. -# -bootstrap.memory_lock: false -# -# Make sure that the heap size is set to about half the memory available -# on the system and that the owner of the process is allowed to use this -# limit. -# -# Elasticsearch performs poorly when the system is swapping the memory. -# -# --------------------------------- Discovery ---------------------------------- -# -# Pass an initial list of hosts to perform discovery when new node is started -# To form a cluster with nodes on other servers, you have to provide a seed list of other nodes in the cluster -# that are likely to be live and contactable. -# By default, Elasticsearch will bind to the available loopback addresses and will scan ports 9300 to 9305 to try -# to connect to other nodes running on the same server. -# # minimum_master_nodes need to be explicitly set when bound on a public IP -# # set to 1 to allow single node clusters -# # Details: https://github.com/elastic/elasticsearch/pull/17288 -discovery.zen.minimum_master_nodes: 1 -discovery.seed_hosts: [] -# # Breaking change in 7.0 -# # https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#breaking_70_discovery_changes -cluster.initial_master_nodes: - - cldash-es-node1 -# - docker-test-node-1 -# ---------------------------------- Various ----------------------------------- -# -# Require explicit names when deleting indices: -# -#action.destructive_requires_name: true -# Set a custom port for HTTP: If required, default is 9200-9300 -# This is used for REST APIs -http.port: {{.Values.service.externalPort}} -# Port to bind for communication between nodes. Accepts a single value or a range. -# If a range is specified, the node will bind to the first available port in the range. -# Defaults to 9300-9400. -# More info: -transport.tcp.port: {{.Values.service.externalPort2}} - -######## Start OpenDistro for Elasticsearch Security Demo Configuration ######## -# WARNING: revise all the lines below before you go into production -{{- if .Values.global.aafEnabled }} -opendistro_security.ssl.transport.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }} -opendistro_security.ssl.transport.pemkey_filepath: {{ .Values.certInitializer.clamp_key }} -opendistro_security.ssl.transport.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }} -opendistro_security.ssl.http.pemcert_filepath: {{ .Values.certInitializer.clamp_pem }} -opendistro_security.ssl.http.pemkey_filepath: {{ .Values.certInitializer.clamp_key }} -opendistro_security.ssl.http.pemtrustedcas_filepath: {{ .Values.certInitializer.clamp_ca_certs_pem }} -{{- else }} -opendistro_security.ssl.transport.pemcert_filepath: esnode.pem -opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem -opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem -opendistro_security.ssl.http.pemcert_filepath: esnode.pem -opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem -opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem -{{- end }} -opendistro_security.ssl.transport.enforce_hostname_verification: false -opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}} - -opendistro_security.allow_unsafe_democertificates: true -opendistro_security.allow_default_init_securityindex: true -opendistro_security.authcz.admin_dn: - - CN=kirk,OU=client,O=client,L=test, C=de - -opendistro_security.audit.type: internal_elasticsearch -opendistro_security.enable_snapshot_restore_privilege: true -opendistro_security.check_snapshot_restore_write_privileges: true -opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"] -cluster.routing.allocation.disk.threshold_enabled: false -node.max_local_storage_nodes: 3 -######## End OpenDistro for Elasticsearch Security Demo Configuration ######## diff --git a/kubernetes/clamp/components/clamp-dash-es/templates/configmap.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/configmap.yaml deleted file mode 100644 index fe0349ede9..0000000000 --- a/kubernetes/clamp/components/clamp-dash-es/templates/configmap.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml deleted file mode 100644 index d7aa77cd01..0000000000 --- a/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml +++ /dev/null @@ -1,138 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - /bin/sh - - -c - - | - sysctl -w vm.max_map_count=262144 - mkdir -p /usr/share/elasticsearch/logs - mkdir -p /usr/share/elasticsearch/data - chmod -R 777 /usr/share/elasticsearch - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - securityContext: - privileged: true - image: {{ include "repositoryGenerator.image.busybox" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: init-sysctl - volumeMounts: - - name: {{ include "common.fullname" . }}-logs - mountPath: /usr/share/elasticsearch/logs/ - - name: {{ include "common.fullname" . }}-data - mountPath: /usr/share/elasticsearch/data/ -{{ include "common.certInitializer.initContainer" . | indent 6 }} - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{- if .Values.global.aafEnabled }} - command: - - sh - args: - - -c - - | - cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_key }} - cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_pem }} - cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }} /usr/share/elasticsearch/config/{{ .Values.certInitializer.clamp_ca_certs_pem }} - /usr/local/bin/docker-entrypoint.sh - {{- end }} - ports: - - containerPort: {{ .Values.service.internalPort }} - name: {{ include "common.servicename" . }} - - containerPort: {{ .Values.service.internalPort2 }} - name: {{ include "common.servicename" . }}2 -# disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort2 }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} - env: - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /usr/share/elasticsearch/config/elasticsearch.yml - name: {{ include "common.fullname" . }}-config - subPath: elasticsearch.yml - - mountPath: /usr/share/elasticsearch/data/ - name: {{ include "common.fullname" . }}-data - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - - name: localtime - hostPath: - path: /etc/localtime - - name: {{ include "common.fullname" . }}-config - configMap: - name: {{ include "common.fullname" . }}-configmap - items: - - key: elasticsearch.yml - path: elasticsearch.yml - - name: {{ include "common.fullname" . }}-data - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }} - - name: {{ include "common.fullname" . }}-logs - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPathLogs }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/clamp/components/clamp-dash-es/templates/pv.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/pv.yaml deleted file mode 100644 index 3669621b24..0000000000 --- a/kubernetes/clamp/components/clamp-dash-es/templates/pv.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) -}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-data - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" . }}-data" - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} -{{- end -}} -{{- end -}} diff --git a/kubernetes/clamp/components/clamp-dash-es/templates/pvc.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/pvc.yaml deleted file mode 100644 index 6ae4eea0d3..0000000000 --- a/kubernetes/clamp/components/clamp-dash-es/templates/pvc.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.size }} -{{- end -}} diff --git a/kubernetes/clamp/components/clamp-dash-es/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/service.yaml deleted file mode 100644 index 9c182edbc0..0000000000 --- a/kubernetes/clamp/components/clamp-dash-es/templates/service.yaml +++ /dev/null @@ -1,70 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.config.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.config.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }}-tcp - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type2 }} - ports: - {{if eq .Values.service.type2 "NodePort" -}} - - port: {{ .Values.service.externalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.config.portName2 }} - {{- else -}} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.config.portName2 }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/clamp/components/clamp-dash-es/values.yaml b/kubernetes/clamp/components/clamp-dash-es/values.yaml deleted file mode 100644 index 1e2ae4778d..0000000000 --- a/kubernetes/clamp/components/clamp-dash-es/values.yaml +++ /dev/null @@ -1,163 +0,0 @@ -# Copyright © 2020 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - persistence: {} - centralizedLoggingEnabled: true - #AAF service - aafEnabled: true - -################################################################# -# AAF part -################################################################# -certInitializer: - permission_user: 1000 - permission_group: 999 - addconfig: true - keystoreFile: "org.onap.clamp.p12" - truststoreFile: "org.onap.clamp.trust.jks" - keyFile: "org.onap.clamp.keyfile" - truststoreFileONAP: "truststoreONAPall.jks" - clamp_key: "org.onap.clamp.crt.key" - clamp_pem: "org.onap.clamp.key.pem" - clamp_ca_certs_pem: "clamp-ca-certs.pem" - nameOverride: clamp-es-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: clamp - fqi: clamp@clamp.onap.org - public_fqdn: clamp.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - aaf_add_config: > - /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; - export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); - cd {{ .Values.credsPath }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; - chmod a+rx *; - -flavor: small - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/clamp-dashboard-elasticsearch:5.0.4 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -# Example: -config: {} - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 180 - periodSeconds: 30 - timeoutSeconds: 5 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 180 - periodSeconds: 30 - timeoutSeconds: 5 - -## Persist data to a persitent volume -persistence: - enabled: true - - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - volumeReclaimPolicy: Retain - - ## database data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - accessMode: ReadWriteOnce - size: 4Gi - mountPath: /dockerdata-nfs - mountSubPath: clamp/dashboard-elasticsearch/data - mountSubPathLogs: clamp - -security: - ssl: - enabled: true - -service: - type: ClusterIP - name: cdash-es - portName: cdash-es-rest - externalPort: 9200 - internalPort: 9200 - type2: ClusterIP - portName2: cdash-es-tcp - externalPort2: 9300 - internalPort2: 9300 - -ingress: - enabled: false - -#resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -resources: - small: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 10m - memory: 2.5Gi - large: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 10m - memory: 2.5Gi - unlimited: {} diff --git a/kubernetes/clamp/components/clamp-dash-kibana/Chart.yaml b/kubernetes/clamp/components/clamp-dash-kibana/Chart.yaml deleted file mode 100644 index f5c146a782..0000000000 --- a/kubernetes/clamp/components/clamp-dash-kibana/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Clamp Dashboard Kibana -name: clamp-dash-kibana -version: 7.0.0 diff --git a/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml b/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml deleted file mode 100644 index 22b92c4ef7..0000000000 --- a/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~7.x-0 - repository: '@local' - - name: certInitializer - version: ~7.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~7.x-0 - repository: '@local' \ No newline at end of file diff --git a/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml b/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml deleted file mode 100644 index b7a8fbf348..0000000000 --- a/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License.# Default Kibana configuration from kibana-docker. -*/}} - -server.name: "Clamp CL Dashboard" -server.host: "0" -# Kibana is served by a back end server. This setting specifies the port to use. -server.port: {{.Values.service.externalPort}} - -server.ssl.enabled: {{.Values.config.sslEnabled}} -{{- if .Values.global.aafEnabled }} -server.ssl.certificate: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_pem }} -server.ssl.key: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_key }} -{{ else }} -server.ssl.certificate: {{.Values.config.sslPemCertFilePath}} -server.ssl.key: {{.Values.config.sslPemkeyFilePath}} -{{- end }} -# The URL of the Elasticsearch instance to use for all your queries. -elasticsearch.hosts: ${elasticsearch_base_url} - -elasticsearch.ssl.verificationMode: none -elasticsearch.username: {{.Values.config.elasticUSR}} -elasticsearch.password: {{.Values.config.elasticPWD}} - -elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"] - -opendistro_security.multitenancy.enabled: true -opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"] -opendistro_security.readonly_mode.roles: ["kibana_read_only"] diff --git a/kubernetes/clamp/components/clamp-dash-kibana/templates/configmap.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/configmap.yaml deleted file mode 100644 index 48d85478c4..0000000000 --- a/kubernetes/clamp/components/clamp-dash-kibana/templates/configmap.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-aaf-pem-keys - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml deleted file mode 100644 index 8cb95cdf0b..0000000000 --- a/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml +++ /dev/null @@ -1,107 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - /app/ready.py - args: - - --container-name - - clamp-dash-es - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness -{{ include "common.certInitializer.initContainer" . | indent 6 }} - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - name: {{ include "common.servicename" . }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} -# disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - env: - - name: elasticsearch_base_url - value: "{{ternary "https" "http" .Values.security.ssl.enabled}}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}" - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /usr/share/kibana/config/kibana.yml - name: {{ include "common.fullname" . }} - subPath: kibana.yml - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - - name: localtime - hostPath: - path: /etc/localtime - - name: {{ include "common.fullname" . }} - configMap: - name: {{ include "common.fullname" . }} - items: - - key: kibana.yml - path: kibana.yml - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml deleted file mode 100644 index e5d7174e85..0000000000 --- a/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{/* # Copyright © 2020 Samsung, Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.ingress" . }} diff --git a/kubernetes/clamp/components/clamp-dash-kibana/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/service.yaml deleted file mode 100644 index f1b6cf55c6..0000000000 --- a/kubernetes/clamp/components/clamp-dash-kibana/templates/service.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.config.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.config.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/clamp/components/clamp-dash-kibana/values.yaml b/kubernetes/clamp/components/clamp-dash-kibana/values.yaml deleted file mode 100644 index 9b5f1fc344..0000000000 --- a/kubernetes/clamp/components/clamp-dash-kibana/values.yaml +++ /dev/null @@ -1,152 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - persistence: {} - centralizedLoggingEnabled: true - #AAF service - aafEnabled: true - -################################################################# -# AAF part -################################################################# -certInitializer: - permission_user: 1000 - permission_group: 999 - addconfig: true - keystoreFile: "org.onap.clamp.p12" - truststoreFile: "org.onap.clamp.trust.jks" - keyFile: "org.onap.clamp.keyfile" - truststoreFileONAP: "truststoreONAPall.jks" - clamp_key: "org.onap.clamp.crt.key" - clamp_pem: "org.onap.clamp.key.pem" - clamp_ca_certs_pem: "clamp-ca-certs.pem" - nameOverride: clamp-kibana-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: clamp - fqi: clamp@clamp.onap.org - public_fqdn: clamp.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - aaf_add_config: > - /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; - export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); - cd {{ .Values.credsPath }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; - chmod a+rx *; - -flavor: small - -################################################################# -# Application configuration defaults. -################################################################# -# application image -image: onap/clamp-dashboard-kibana:5.0.4 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -#the 'sslEnabled flag' here below is for the kibana UI connection (web browser connection to kibana) -config: - elasticsearchServiceName: cdash-es - elasticsearchPort: 9200 - elasticUSR: kibanaserver - elasticPWD: kibanaserver - sslEnabled: true - sslPemCertFilePath: /usr/share/kibana/config/keystore/org.onap.clamp.crt.pem - sslPemkeyFilePath: /usr/share/kibana/config/keystore/org.onap.clamp.key.pem - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 360 - periodSeconds: 30 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 360 - periodSeconds: 30 - -#internal ssl security scheme for elasticsearch connection mainly -security: - ssl: - enabled: true - -service: - #Example service definition with external, internal and node ports. - #Services may use any combination of ports depending on the 'type' of - #service being defined. - type: NodePort - name: cdash-kibana - portName: cdash-kibana-http - externalPort: 5601 - internalPort: 5601 - nodePort: 90 -ingress: - enabled: false - service: - - baseaddr: "cdash-kibana" - name: "cdash-kibana" - port: 5601 - config: - ssl: "redirect" - -#resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -resources: - small: - limits: - cpu: 1 - memory: 2Gi - requests: - cpu: 10m - memory: 750Mi - large: - limits: - cpu: 1 - memory: 2Gi - requests: - cpu: 10m - memory: 750Mi - unlimited: {} diff --git a/kubernetes/clamp/components/clamp-dash-logstash/Chart.yaml b/kubernetes/clamp/components/clamp-dash-logstash/Chart.yaml deleted file mode 100644 index 686898eea2..0000000000 --- a/kubernetes/clamp/components/clamp-dash-logstash/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Clamp Dashboard Logstash -name: clamp-dash-logstash -version: 7.0.0 diff --git a/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml b/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml deleted file mode 100644 index 22b92c4ef7..0000000000 --- a/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~7.x-0 - repository: '@local' - - name: certInitializer - version: ~7.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~7.x-0 - repository: '@local' \ No newline at end of file diff --git a/kubernetes/clamp/components/clamp-dash-logstash/resources/config/logstash.yml b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/logstash.yml deleted file mode 100644 index 1e06e34cfb..0000000000 --- a/kubernetes/clamp/components/clamp-dash-logstash/resources/config/logstash.yml +++ /dev/null @@ -1,26 +0,0 @@ -{{/* -# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -http.host: "0.0.0.0" -## Path where pipeline configurations reside -path.config: /usr/share/logstash/pipeline - -## Type of queue : memeory based or file based -#queue.type: persisted -## Size of queue -#queue.max_bytes: 1024mb -## Setting true makes logstash check periodically for change in pipeline configurations -config.reload.automatic: true - diff --git a/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf deleted file mode 100644 index b978e766d3..0000000000 --- a/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf +++ /dev/null @@ -1,277 +0,0 @@ -{{/* -# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -input { - http_poller { - urls => { - event_queue => { - method => get - url => "${dmaap_base_url}/events/${event_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000" - headers => { - Accept => "application/json" - } - topic => "${event_topic}" - tags => [ "dmaap_source" ] - } - notification_queue => { - method => get - url => "${dmaap_base_url}/events/${notification_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000" - headers => { - Accept => "application/json" - } - topic => "${notification_topic}" - tags => [ "dmaap_source" ] - } - request_queue => { - method => get - url => "${dmaap_base_url}/events/${request_topic}/${dmaap_consumer_group}/${dmaap_consumer_id}?timeout=15000" - headers => { - Accept => "application/json" - } - topic => "${request_topic}" - tags => [ "dmaap_source" ] - } - } - socket_timeout => 30 - request_timeout => 30 - schedule => { "every" => "1m" } - codec => "plain" -{{- if .Values.global.aafEnabled }} - cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}" -{{- else }} - cacert => "/certs.d/aafca.pem" -{{- end }} - } -} - - -filter { - # avoid noise if no entry in the list - if [message] == "[]" { - drop { } - } - - if [http_request_failure] or [@metadata][code] != 200 { - mutate { - add_tag => [ "error" ] - } - } - - if "dmaap_source" in [@metadata][request][tags] { - # - # Dmaap provides a json list, whose items are Strings containing the event - # provided to Dmaap, which itself is an escaped json. - # - # We first need to parse the json as we have to use the plaintext as it cannot - # work with list of events, then split that list into multiple string events, - # that we then transform into json. - # - json { - source => "[message]" - target => "message" - } - - split { - field => "message" - } - json { - source => "message" - } - mutate { - remove_field => [ "message" ] - } - } - - # - # Some timestamps are expressed as milliseconds, some are in microseconds - # - if [closedLoopAlarmStart] { - ruby { - code => " - if event.get('closedLoopAlarmStart').to_s.to_i(10) > 9999999999999 - event.set('closedLoopAlarmStart', event.get('closedLoopAlarmStart').to_s.to_i(10) / 1000) - else - event.set('closedLoopAlarmStart', event.get('closedLoopAlarmStart').to_s.to_i(10)) - end - " - } - date { - match => [ "closedLoopAlarmStart", UNIX_MS ] - target => "closedLoopAlarmStart" - } - } - - if [closedLoopAlarmEnd] { - ruby { - code => " - if event.get('closedLoopAlarmEnd').to_s.to_i(10) > 9999999999999 - event.set('closedLoopAlarmEnd', event.get('closedLoopAlarmEnd').to_s.to_i(10) / 1000) - else - event.set('closedLoopAlarmEnd', event.get('closedLoopAlarmEnd').to_s.to_i(10)) - end - " - } - date { - match => [ "closedLoopAlarmEnd", UNIX_MS ] - target => "closedLoopAlarmEnd" - } - - } - - - # - # Notification time are expressed under the form "yyyy-MM-dd HH:mm:ss", which - # is close to ISO8601, but lacks of T as spacer: "yyyy-MM-ddTHH:mm:ss" - # - if [notificationTime] { - mutate { - gsub => [ - "notificationTime", " ", "T" - ] - } - date { - match => [ "notificationTime", ISO8601 ] - target => "notificationTime" - } - } - - - # - # Renaming some fields for readability - # - if [AAI][generic-vnf.vnf-name] { - mutate { - add_field => { "vnfName" => "%{[AAI][generic-vnf.vnf-name]}" } - } - } - if [AAI][generic-vnf.vnf-type] { - mutate { - add_field => { "vnfType" => "%{[AAI][generic-vnf.vnf-type]}" } - } - } - if [AAI][vserver.vserver-name] { - mutate { - add_field => { "vmName" => "%{[AAI][vserver.vserver-name]}" } - } - } - if [AAI][complex.city] { - mutate { - add_field => { "locationCity" => "%{[AAI][complex.city]}" } - } - } - if [AAI][complex.state] { - mutate { - add_field => { "locationState" => "%{[AAI][complex.state]}" } - } - } - - - # - # Adding some flags to ease aggregation - # - if [closedLoopEventStatus] =~ /(?i)ABATED/ { - mutate { - add_field => { "flagAbated" => "1" } - } - } - if [notification] =~ /^.*?(?:\b|_)FINAL(?:\b|_).*?(?:\b|_)FAILURE(?:\b|_).*?$/ { - mutate { - add_field => { "flagFinalFailure" => "1" } - } - } - - - if "error" not in [@metadata][request][tags]{ - # - # Creating data for a secondary index - # - clone { - clones => [ "event-cl-aggs" ] - add_tag => [ "event-cl-aggs" ] - } - - if "event-cl-aggs" in [@metadata][request][tags]{ - # - # we only need a few fields for aggregations; remove all fields from clone except : - # vmName,vnfName,vnfType,requestID,closedLoopAlarmStart, closedLoopControlName,closedLoopAlarmEnd,abated,nbrDmaapevents,finalFailure - # - prune { - whitelist_names => ["^@.*$","^topic$","^type$","^tags$","^flagFinalFailure$","^flagAbated$","^locationState$","^locationCity$","^vmName$","^vnfName$","^vnfType$","^requestID$","^closedLoopAlarmStart$","^closedLoopControlName$","^closedLoopAlarmEnd$","^target$","^target_type$","^triggerSourceName$","^policyScope$","^policyName$","^policyVersion$"] - } - - } - } -} - - -output { - stdout { - codec => rubydebug - } - - if "error" in [tags] { - elasticsearch { - ilm_enabled => false - codec => "json" -{{- if .Values.global.aafEnabled }} - cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}" -{{- else }} - cacert => "/clamp-cert/ca-certs.pem" -{{- end }} - ssl_certificate_verification => false - hosts => ["${elasticsearch_base_url}"] - user => ["${logstash_user}"] - password => ["${logstash_pwd}"] - index => "errors-%{+YYYY.MM.DD}" - doc_as_upsert => true - } - - } else if "event-cl-aggs" in [tags] { - elasticsearch { - ilm_enabled => false - codec => "json" - hosts => ["${elasticsearch_base_url}"] -{{- if .Values.global.aafEnabled }} - cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}" -{{- else }} - cacert => "/clamp-cert/ca-certs.pem" -{{- end }} - ssl_certificate_verification => false - user => ["${logstash_user}"] - password => ["${logstash_pwd}"] - document_id => "%{requestID}" - index => "events-cl-%{+YYYY.MM.DD}" # creates daily indexes for control loop - doc_as_upsert => true - action => "update" - } - - } else { - elasticsearch { - ilm_enabled => false - codec => "json" - hosts => ["${elasticsearch_base_url}"] -{{- if .Values.global.aafEnabled }} - cacert => "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.clamp_ca_certs_pem }}" -{{- else }} - cacert => "/clamp-cert/ca-certs.pem" -{{- end }} - ssl_certificate_verification => false - user => ["${logstash_user}"] - password => ["${logstash_pwd}"] - index => "events-%{+YYYY.MM.DD}" # creates daily indexes - doc_as_upsert => true - } - } -} diff --git a/kubernetes/clamp/components/clamp-dash-logstash/templates/configmap.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/configmap.yaml deleted file mode 100644 index 3e98246df1..0000000000 --- a/kubernetes/clamp/components/clamp-dash-logstash/templates/configmap.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml deleted file mode 100644 index f098338c7f..0000000000 --- a/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml +++ /dev/null @@ -1,130 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - /app/ready.py - args: - - --container-name - - clamp-dash-es - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness -{{ include "common.certInitializer.initContainer" . | indent 6 }} - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: dmaap_consumer_group - value: "{{ .Values.config.dmaapConsumerGroup }}" - - name: dmaap_consumer_id - value: "{{ .Values.config.dmaapConsumerId }}" - - name: event_topic - value: "{{ .Values.config.eventTopic }}" - - name: notification_topic - value: "{{ .Values.config.notificationTopic }}" - - name: request_topic - value: "{{ .Values.config.requestTopic }}" - - name: dmaap_base_url - value: {{ ternary "https" "http" .Values.security.ssl.enabled }}://{{ .Values.config.dmaapHost }}.{{ include "common.namespace" . }}:{{ .Values.config.dmaapPort }} - - name: logstash_user - value: "{{ .Values.config.logstash_user }}" - - name: logstash_pwd - value: "{{ .Values.config.logstash_pwd }}" - - name: elasticsearch_base_url - value: "{{ ternary "https" "http" .Values.security.ssl.enabled }}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}" - ports: - - containerPort: {{ .Values.service.internalPort }} - name: {{ include "common.servicename" . }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} -# disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - {{ end -}} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /usr/share/logstash/config/logstash.yml - name: {{ include "common.fullname" . }} - subPath: logstash.yml - - mountPath: /usr/share/logstash/pipeline/logstash.conf - name: {{ include "common.fullname" . }} - subPath: pipeline.conf - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - - name: localtime - hostPath: - path: /etc/localtime - - name: {{ include "common.fullname" . }} - configMap: - name: {{ include "common.fullname" . }} - items: - - key: logstash.yml - path: logstash.yml - - key: pipeline.conf - path: pipeline.conf - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/clamp/components/clamp-dash-logstash/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/service.yaml deleted file mode 100644 index f1b6cf55c6..0000000000 --- a/kubernetes/clamp/components/clamp-dash-logstash/templates/service.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.config.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.config.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/clamp/components/clamp-dash-logstash/values.yaml b/kubernetes/clamp/components/clamp-dash-logstash/values.yaml deleted file mode 100644 index 9aab3af252..0000000000 --- a/kubernetes/clamp/components/clamp-dash-logstash/values.yaml +++ /dev/null @@ -1,152 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - persistence: {} - centralizedLoggingEnabled: true - #AAF service - aafEnabled: true - -################################################################# -# AAF part -################################################################# -certInitializer: - permission_user: 1000 - permission_group: 999 - addconfig: true - keystoreFile: "org.onap.clamp.p12" - truststoreFile: "org.onap.clamp.trust.jks" - keyFile: "org.onap.clamp.keyfile" - truststoreFileONAP: "truststoreONAPall.jks" - clamp_key: "org.onap.clamp.crt.key" - clamp_pem: "org.onap.clamp.key.pem" - clamp_ca_certs_pem: "clamp-ca-certs.pem" - nameOverride: clamp-logstash-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: clamp - fqi: clamp@clamp.onap.org - public_fqdn: clamp.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - aaf_add_config: > - /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; - export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); - cd {{ .Values.credsPath }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; - chmod a+rx *; - -flavor: small - -################################################################# -# Application configuration defaults. -################################################################# - -# application image -image: onap/clamp-dashboard-logstash:5.0.4 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: - elasticsearchServiceName: cdash-es - elasticsearchPort: 9200 - dmaapHost: message-router - dmaapSchemeSSL: https - dmaapSchemeNoSSL: http - dmaapPort: 3905 - dmaapConsumerGroup: "clampdashboard" - dmaapConsumerId: "clampdashboard" - eventTopic: "DCAE-CL-EVENT" - notificationTopic: "POLICY-CL-MGT" - requestTopic: "APPC-CL" - logstash_user: "logstash" - logstash_pwd: "logstash" - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 900 - periodSeconds: 20 - timeoutSeconds: 5 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 900 - periodSeconds: 20 - timeoutSeconds: 5 - -security: - ssl: - enabled: true - -service: - #Example service definition with external, internal and node ports. - #Services may use any combination of ports depending on the 'type' of - #service being defined. - type: ClusterIP - name: cdash-ls - portName: cdash-ls-healthcheck - externalPort: 9600 - internalPort: 9600 -ingress: - enabled: false - -#resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -resources: - small: - limits: - cpu: 1 - memory: 1.3Gi - requests: - cpu: 10m - memory: 750Mi - large: - limits: - cpu: 1 - memory: 1.3Gi - requests: - cpu: 10m - memory: 750Mi - unlimited: {} diff --git a/kubernetes/clamp/components/clamp-mariadb/Chart.yaml b/kubernetes/clamp/components/clamp-mariadb/Chart.yaml deleted file mode 100644 index c0de18592c..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: MariaDB Service -name: clamp-mariadb -version: 7.0.0 diff --git a/kubernetes/clamp/components/clamp-mariadb/NOTES.txt b/kubernetes/clamp/components/clamp-mariadb/NOTES.txt deleted file mode 100644 index 1103affff1..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/NOTES.txt +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/clamp/components/clamp-mariadb/requirements.yaml b/kubernetes/clamp/components/clamp-mariadb/requirements.yaml deleted file mode 100644 index d62ef09a4d..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/requirements.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~7.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~7.x-0 - repository: '@local' \ No newline at end of file diff --git a/kubernetes/clamp/components/clamp-mariadb/resources/config/init/docker-entrypoint.sh b/kubernetes/clamp/components/clamp-mariadb/resources/config/init/docker-entrypoint.sh deleted file mode 100755 index 71f32e2eff..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/resources/config/init/docker-entrypoint.sh +++ /dev/null @@ -1,198 +0,0 @@ -#!/bin/bash -set -eo pipefail -shopt -s nullglob - -# if command starts with an option, prepend mysqld -if [ "${1:0:1}" = '-' ]; then - set -- mysqld "$@" -fi - -# skip setup if they want an option that stops mysqld -wantHelp= -for arg; do - case "$arg" in - -'?'|--help|--print-defaults|-V|--version) - wantHelp=1 - break - ;; - esac -done - -prepare_password() -{ - echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - val=`prepare_password $val` - export "$var"="$val" - unset "$fileVar" -} - -_check_config() { - toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) - if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then - cat >&2 <<-EOM - - ERROR: mysqld failed while attempting to check config - command was: "${toRun[*]}" - - $errors - EOM - exit 1 - fi -} - -# Fetch value from server config -# We use mysqld --verbose --help instead of my_print_defaults because the -# latter only show values present in config files, and not server defaults -_get_config() { - local conf="$1"; shift - "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \ - | awk '$1 == "'"$conf"'" && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }' - # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)" -} - -# allow the container to be started with `--user` -if [ "$1" = 'mysqld' -a -z "$wantHelp" -a "$(id -u)" = '0' ]; then - _check_config "$@" - DATADIR="$(_get_config 'datadir' "$@")" - mkdir -p "$DATADIR" - find "$DATADIR" \! -user mysql -exec chown mysql '{}' + - exec gosu mysql "$BASH_SOURCE" "$@" -fi - -if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then - # still need to check config, container may have started with --user - _check_config "$@" - # Get config - DATADIR="$(_get_config 'datadir' "$@")" - - if [ ! -d "$DATADIR/mysql" ]; then - file_env 'MYSQL_ROOT_PASSWORD' - if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then - echo >&2 'error: database is uninitialized and password option is not specified ' - echo >&2 ' You need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD' - exit 1 - fi - - mkdir -p "$DATADIR" - - echo 'Initializing database' - # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here) - mysql_install_db --datadir="$DATADIR" --rpm "${@:2}" - echo 'Database initialized' - - SOCKET="$(_get_config 'socket' "$@")" - "$@" --skip-networking --socket="${SOCKET}" & - pid="$!" - - mysql=( mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" ) - - for i in {30..0}; do - if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then - break - fi - echo 'MySQL init process in progress...' - sleep 1 - done - if [ "$i" = 0 ]; then - echo >&2 'MySQL init process failed.' - exit 1 - fi - - if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then - # sed is for https://bugs.mysql.com/bug.php?id=20545 - mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql - fi - - if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then - export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)" - echo "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD" - fi - - rootCreate= - # default root to listen for connections from anywhere - file_env 'MYSQL_ROOT_HOST' '%' - if [ ! -z "$MYSQL_ROOT_HOST" -a "$MYSQL_ROOT_HOST" != 'localhost' ]; then - # no, we don't care if read finds a terminating character in this heredoc - # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151 - read -r -d '' rootCreate <<-EOSQL || true - CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; - GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ; - EOSQL - fi - - "${mysql[@]}" <<-EOSQL - -- What's done in this file shouldn't be replicated - -- or products like mysql-fabric won't work - SET @@SESSION.SQL_LOG_BIN=0; - - DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ; - SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ; - GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ; - ${rootCreate} - DROP DATABASE IF EXISTS test ; - FLUSH PRIVILEGES ; - EOSQL - - if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then - mysql+=( -p"${MYSQL_ROOT_PASSWORD}" ) - fi - - file_env 'MYSQL_DATABASE' - if [ "$MYSQL_DATABASE" ]; then - echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}" - mysql+=( "$MYSQL_DATABASE" ) - fi - - file_env 'MYSQL_USER' - file_env 'MYSQL_PASSWORD' - if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then - echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" | "${mysql[@]}" - - if [ "$MYSQL_DATABASE" ]; then - echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}" - fi - fi - - echo - for f in /docker-entrypoint-initdb.d/*; do - case "$f" in - *.sh) echo "$0: running $f"; . "$f" ;; - *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;; - *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;; - *) echo "$0: ignoring $f" ;; - esac - echo - done - - if ! kill -s TERM "$pid" || ! wait "$pid"; then - echo >&2 'MySQL init process failed.' - exit 1 - fi - - echo - echo 'MySQL init process done. Ready for start up.' - echo - fi -fi - -exec "$@" diff --git a/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/conf.d/conf1/my.cnf b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/conf.d/conf1/my.cnf deleted file mode 100644 index 8b5dc2a021..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/conf.d/conf1/my.cnf +++ /dev/null @@ -1,209 +0,0 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# Example MySQL config file for medium systems. -# -# This is for a system with memory 8G where MySQL plays -# an important part, or systems up to 128M where MySQL is used together with -# other programs (such as a web server) -# -# In this file, you can use all long options that a program supports. -# If you want to know which options a program supports, run the program -# with the "--help" option. -*/}} - -# The following options will be passed to all MySQL clients -##[client] -##user = root -##port = 3306 -##socket = //opt/app/mysql/mysql.sock - -# Here follows entries for some specific programs - -# The MySQL server -[mysqld] -##performance_schema - -slow_query_log =ON -long_query_time =2 -slow_query_log_file =//var/lib/mysql/slow_query.log -##basedir = //opt/app/mysql/product/mariadb-10.1.11-linux-x86_64 -##datadir = //opt/app/mysql/data -##port = 3306 -##socket = //opt/app/mysql/mysql.sock -skip-external-locking -explicit_defaults_for_timestamp = true -skip-symbolic-links -local-infile = 0 -#ignore_db_dir=lost+found -key_buffer_size = 16M -max_allowed_packet = 4M -table_open_cache = 100 -sort_buffer_size = 512K -net_buffer_length = 8K -read_buffer_size = 256K -read_rnd_buffer_size = 512K -myisam_sort_buffer_size = 8M -max_connections = 500 -lower_case_table_names = 1 -thread_stack = 256K -thread_cache_size = 25 -query_cache_size = 8M -query_cache_type = 0 -query_prealloc_size = 512K -query_cache_limit = 1M - -# Password validation -##plugin-load-add=simple_password_check.so -##simple_password_check_other_characters=0 - -# Audit Log settings -plugin-load-add=server_audit.so -server_audit=FORCE_PLUS_PERMANENT -server_audit_file_path=//var/lib/mysql/audit.log -server_audit_file_rotate_size=50M -server_audit_events=CONNECT,QUERY,TABLE -server_audit_logging=on - -# Don't listen on a TCP/IP port at all. This can be a security enhancement, -# if all processes that need to connect to mysqld run on the same host. -# All interaction with mysqld must be made via Unix sockets or named pipes. -# Note that using this option without enabling named pipes on Windows -# (via the "enable-named-pipe" option) will render mysqld useless! -# -#skip-networking - -# Replication Master Server (default) -# binary logging is required for replication -##log-bin=//var/lib/mysql/mysql-bin - -# binary logging format - mixed recommended -binlog_format=row - -# required unique id between 1 and 2^32 - 1 -# defaults to 1 if master-host is not set -# but will not function as a master if omitted - -# Replication Slave (comment out master section to use this) -# -# To configure this host as a replication slave, you can choose between -# two methods : -# -# 1) Use the CHANGE MASTER TO command (fully described in our manual) - -# the syntax is: -# -# CHANGE MASTER TO MASTER_HOST=, MASTER_PORT=, -# MASTER_USER=, MASTER_PASSWORD= ; -# -# where you replace , , by quoted strings and -# by the master's port number (3306 by default). -# -# Example: -# -# CHANGE MASTER TO MASTER_HOST='125.564.12.1', MASTER_PORT=3306, -# MASTER_USER='joe', MASTER_PASSWORD='secret'; -# -# OR -# -# 2) Set the variables below. However, in case you choose this method, then -# start replication for the first time (even unsuccessfully, for example -# if you mistyped the password in master-password and the slave fails to -# connect), the slave will create a master.info file, and any later -# change in this file to the variables' values below will be ignored and -# overridden by the content of the master.info file, unless you shutdown -# the slave server, delete master.info and restart the slaver server. -# For that reason, you may want to leave the lines below untouched -# (commented) and instead use CHANGE MASTER TO (see above) -# -# required unique id between 2 and 2^32 - 1 -# (and different from the master) -# defaults to 2 if master-host is set -# but will not function as a slave if omitted -#server-id = 2 -# -# The replication master for this slave - required -#master-host = -# -# The username the slave will use for authentication when connecting -# to the master - required -#master-user = -# -# The password the slave will authenticate with when connecting to -# the master - required -#master-password = -# -# The port the master is listening on. -# optional - defaults to 3306 -#master-port = -# -# binary logging - not required for slaves, but recommended -#log-bin=mysql-bin - -# Uncomment the following if you are using InnoDB tables -##innodb_data_home_dir = //opt/app/mysql/data -##innodb_data_file_path = ibdata1:20M:autoextend:max:32G -##innodb_log_group_home_dir = //opt/app/mysql/iblogs -# You can set .._buffer_pool_size up to 50 - 80 % -# of RAM but beware of setting memory usage too high -innodb_buffer_pool_size = 128M -#innodb_additional_mem_pool_size = 2M -# Set .._log_file_size to 25 % of buffer pool size -innodb_log_file_size = 10M -innodb_log_files_in_group = 3 -innodb_log_buffer_size = 8M -#innodb_flush_log_at_trx_commit = 1 -innodb_lock_wait_timeout = 50 -innodb_autoextend_increment = 100 -expire_logs_days = 8 -open_files_limit = 2000 -transaction-isolation=READ-COMMITTED -####### Galera parameters ####### -## Galera Provider configuration -wsrep_provider=/usr/lib/galera/libgalera_smm.so -wsrep_provider_options="gcache.size=128M; gcache.page_size=10M" -## Galera Cluster configuration -wsrep_cluster_name="MSO-automated-tests-cluster" -wsrep_cluster_address="gcomm://" -#wsrep_cluster_address="gcomm://mariadb1,mariadb2,mariadb3" -##wsrep_cluster_address="gcomm://192.169.3.184,192.169.3.185,192.169.3.186" -## Galera Synchronization configuration -wsrep_sst_method=rsync -#wsrep_sst_method=xtrabackup-v2 -#wsrep_sst_auth="sstuser:Mon#2o!6" -## Galera Node configuration -wsrep_node_name="mariadb1" -##wsrep_node_address="192.169.3.184" -wsrep_on=OFF -## Status notification -#wsrep_notify_cmd=/opt/app/mysql/bin/wsrep_notify -####### - - -[mysqldump] -quick -max_allowed_packet = 16M - -[mysql] -no-auto-rehash -# Remove the next comment character if you are not familiar with SQL -#safe-updates - -[myisamchk] -key_buffer_size = 20971520 - -##[mysqlhotcopy] -##interactive-timeout -##[mysqld_safe] -##malloc-lib=//opt/app/mysql/local/lib/libjemalloc.so.1 -##log-error=//opt/app/mysql/log/mysqld.log diff --git a/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql deleted file mode 100644 index 1f153bce04..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql +++ /dev/null @@ -1,257 +0,0 @@ - - create table dictionary ( - name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - dictionary_second_level integer, - dictionary_type varchar(255), - primary key (name) - ) engine=InnoDB; - - create table dictionary_elements ( - short_name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - description varchar(255) not null, - name varchar(255) not null, - subdictionary_name varchar(255), - type varchar(255) not null, - primary key (short_name) - ) engine=InnoDB; - - create table dictionary_to_dictionaryelements ( - dictionary_name varchar(255) not null, - dictionary_element_short_name varchar(255) not null, - primary key (dictionary_name, dictionary_element_short_name) - ) engine=InnoDB; - - create table hibernate_sequence ( - next_val bigint - ) engine=InnoDB; - - insert into hibernate_sequence values ( 1 ); - - create table loop_element_models ( - name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - blueprint_yaml MEDIUMTEXT, - dcae_blueprint_id varchar(255), - loop_element_type varchar(255) not null, - short_name varchar(255), - primary key (name) - ) engine=InnoDB; - - create table loop_logs ( - id bigint not null, - log_component varchar(255) not null, - log_instant datetime(6) not null, - log_type varchar(255) not null, - message MEDIUMTEXT not null, - loop_id varchar(255) not null, - primary key (id) - ) engine=InnoDB; - - create table loop_templates ( - name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - allowed_loop_type varchar(255), - blueprint_yaml MEDIUMTEXT, - dcae_blueprint_id varchar(255), - maximum_instances_allowed integer, - svg_representation MEDIUMTEXT, - unique_blueprint boolean default false, - service_uuid varchar(255), - primary key (name) - ) engine=InnoDB; - - create table loopelementmodels_to_policymodels ( - loop_element_name varchar(255) not null, - policy_model_type varchar(255) not null, - policy_model_version varchar(255) not null, - primary key (loop_element_name, policy_model_type, policy_model_version) - ) engine=InnoDB; - - create table loops ( - name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - dcae_deployment_id varchar(255), - dcae_deployment_status_url varchar(255), - global_properties_json json, - last_computed_state varchar(255) not null, - svg_representation MEDIUMTEXT, - loop_template_name varchar(255) not null, - service_uuid varchar(255), - primary key (name) - ) engine=InnoDB; - - create table loops_to_microservicepolicies ( - loop_name varchar(255) not null, - microservicepolicy_name varchar(255) not null, - primary key (loop_name, microservicepolicy_name) - ) engine=InnoDB; - - create table looptemplates_to_loopelementmodels ( - loop_element_model_name varchar(255) not null, - loop_template_name varchar(255) not null, - flow_order integer not null, - primary key (loop_element_model_name, loop_template_name) - ) engine=InnoDB; - - create table micro_service_policies ( - name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - configurations_json json, - json_representation json not null, - pdp_group varchar(255), - pdp_sub_group varchar(255), - context varchar(255), - dcae_blueprint_id varchar(255), - dcae_deployment_id varchar(255), - dcae_deployment_status_url varchar(255), - device_type_scope varchar(255), - shared bit not null, - loop_element_model_id varchar(255), - policy_model_type varchar(255), - policy_model_version varchar(255), - primary key (name) - ) engine=InnoDB; - - create table operational_policies ( - name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - configurations_json json, - json_representation json not null, - pdp_group varchar(255), - pdp_sub_group varchar(255), - loop_element_model_id varchar(255), - policy_model_type varchar(255), - policy_model_version varchar(255), - loop_id varchar(255) not null, - primary key (name) - ) engine=InnoDB; - - create table policy_models ( - policy_model_type varchar(255) not null, - version varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - policy_acronym varchar(255), - policy_tosca MEDIUMTEXT, - policy_pdp_group json, - primary key (policy_model_type, version) - ) engine=InnoDB; - - create table services ( - service_uuid varchar(255) not null, - name varchar(255) not null, - resource_details json, - service_details json, - version varchar(255), - primary key (service_uuid) - ) engine=InnoDB; - - alter table dictionary_to_dictionaryelements - add constraint FK68hjjinnm8nte2owstd0xwp23 - foreign key (dictionary_element_short_name) - references dictionary_elements (short_name); - - alter table dictionary_to_dictionaryelements - add constraint FKtqfxg46gsxwlm2gkl6ne3cxfe - foreign key (dictionary_name) - references dictionary (name); - - alter table loop_logs - add constraint FK1j0cda46aickcaoxqoo34khg2 - foreign key (loop_id) - references loops (name); - - alter table loop_templates - add constraint FKn692dk6281wvp1o95074uacn6 - foreign key (service_uuid) - references services (service_uuid); - - alter table loopelementmodels_to_policymodels - add constraint FK23j2q74v6kaexefy0tdabsnda - foreign key (policy_model_type, policy_model_version) - references policy_models (policy_model_type, version); - - alter table loopelementmodels_to_policymodels - add constraint FKjag1iu0olojfwryfkvb5o0rk5 - foreign key (loop_element_name) - references loop_element_models (name); - - alter table loops - add constraint FK844uwy82wt0l66jljkjqembpj - foreign key (loop_template_name) - references loop_templates (name); - - alter table loops - add constraint FK4b9wnqopxogwek014i1shqw7w - foreign key (service_uuid) - references services (service_uuid); - - alter table loops_to_microservicepolicies - add constraint FKle255jmi7b065fwbvmwbiehtb - foreign key (microservicepolicy_name) - references micro_service_policies (name); - - alter table loops_to_microservicepolicies - add constraint FK8avfqaf7xl71l7sn7a5eri68d - foreign key (loop_name) - references loops (name); - - alter table looptemplates_to_loopelementmodels - add constraint FK1k7nbrbugvqa0xfxkq3cj1yn9 - foreign key (loop_element_model_name) - references loop_element_models (name); - - alter table looptemplates_to_loopelementmodels - add constraint FKj29yxyw0x7ue6mwgi6d3qg748 - foreign key (loop_template_name) - references loop_templates (name); - - alter table micro_service_policies - add constraint FKqvvdypacbww07fuv8xvlvdjgl - foreign key (loop_element_model_id) - references loop_element_models (name); - - alter table micro_service_policies - add constraint FKn17j9ufmyhqicb6cvr1dbjvkt - foreign key (policy_model_type, policy_model_version) - references policy_models (policy_model_type, version); - - alter table operational_policies - add constraint FKi9kh7my40737xeuaye9xwbnko - foreign key (loop_element_model_id) - references loop_element_models (name); - - alter table operational_policies - add constraint FKlsyhfkoqvkwj78ofepxhoctip - foreign key (policy_model_type, policy_model_version) - references policy_models (policy_model_type, version); - - alter table operational_policies - add constraint FK1ddoggk9ni2bnqighv6ecmuwu - foreign key (loop_id) - references loops (name); diff --git a/kubernetes/clamp/components/clamp-mariadb/templates/NOTES.txt b/kubernetes/clamp/components/clamp-mariadb/templates/NOTES.txt deleted file mode 100644 index 1103affff1..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/templates/NOTES.txt +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/clamp/components/clamp-mariadb/templates/configmap.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/configmap.yaml deleted file mode 100644 index b8a774acbe..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/templates/configmap.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -#{{ if not .Values.disableClampClampMariadb }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: clamp-entrypoint-bulkload-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: clamp-mariadb-conf-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/mariadb/conf.d/conf1/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/init/*").AsConfig . | indent 2 }} -#{{ end }} diff --git a/kubernetes/clamp/components/clamp-mariadb/templates/deployment.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/deployment.yaml deleted file mode 100644 index 8ddf584988..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/templates/deployment.yaml +++ /dev/null @@ -1,113 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - containers: - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: MYSQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} - - name: MYSQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} - - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12 }} - - name: MYSQL_DATABASE - value: {{ tpl .Values.db.databaseName .}} - volumeMounts: - - mountPath: /docker-entrypoint.sh - subPath: docker-entrypoint.sh - name: init-script - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /docker-entrypoint-initdb.d/ - name: docker-entrypoint-bulkload - - mountPath: /etc/mysql/conf.d/conf1/ - name: clamp-mariadb-conf - - mountPath: /var/lib/mysql - name: clamp-mariadb-data - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - {{- if .Values.persistence.enabled }} - - name: clamp-mariadb-data - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }} - {{- else }} - emptyDir: {} - {{- end }} - - name: docker-entrypoint-bulkload - configMap: - name: clamp-entrypoint-bulkload-configmap - - name: clamp-mariadb-conf - configMap: - name: clamp-mariadb-conf-configmap - - name: localtime - hostPath: - path: /etc/localtime - - name: init-script - configMap: - name: {{ include "common.fullname" . }} - defaultMode: 0755 - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/clamp/components/clamp-mariadb/templates/pv.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/pv.yaml deleted file mode 100644 index 424987936d..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/templates/pv.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) -}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-data - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" . }}-data" - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} -{{- end -}} -{{- end -}} diff --git a/kubernetes/clamp/components/clamp-mariadb/templates/pvc.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/pvc.yaml deleted file mode 100644 index 6856c80540..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/templates/pvc.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.size }} - storageClassName: {{ include "common.storageClass" . }} -{{- end -}} diff --git a/kubernetes/clamp/components/clamp-mariadb/templates/secrets.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/secrets.yaml deleted file mode 100644 index 4cf8155f6c..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/templates/secrets.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/clamp/components/clamp-mariadb/templates/service.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/service.yaml deleted file mode 100644 index 20a5065503..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/templates/service.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - {{- end}} - name: {{ .Values.service.portName }} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/clamp/components/clamp-mariadb/values.yaml b/kubernetes/clamp/components/clamp-mariadb/values.yaml deleted file mode 100644 index 60b2cfef4f..0000000000 --- a/kubernetes/clamp/components/clamp-mariadb/values.yaml +++ /dev/null @@ -1,130 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2019 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: # global defaults - nodePortPrefix: 302 - - persistence: {} -# application image -image: mariadb:10.5.4 -pullPolicy: Always -flavor: small -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: db-root-pass - type: password - externalSecret: '{{ tpl (default "" .Values.db.rootCredsExternalSecret) . }}' - password: '{{ .Values.db.rootPass }}' - - uid: db-secret - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' - login: '{{ .Values.db.user }}' - password: '{{ .Values.db.password }}' - -# Application configuration -# dummy value db user pasword to pass lint!!! -db: - user: dummy-clds - password: dummy-sidnnd83K - databaseName: dummy-cldsdb4 - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 3 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 3 - -## Persist data to a persitent volume -persistence: - enabled: true - - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - volumeReclaimPolicy: Retain - - ## database data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - accessMode: ReadWriteOnce - size: 2Gi - mountPath: /dockerdata-nfs - mountSubPath: clamp/mariadb/data - -service: - type: ClusterIP - name: clampdb - portName: clampdb - internalPort: 3306 - externalPort: 3306 - - -ingress: - enabled: false - - -#resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -resources: - small: - limits: - cpu: 1 - memory: 500Mi - requests: - cpu: 10m - memory: 200Mi - large: - limits: - cpu: 1 - memory: 500Mi - requests: - cpu: 10m - memory: 200Mi - unlimited: {} diff --git a/kubernetes/clamp/requirements.yaml b/kubernetes/clamp/requirements.yaml deleted file mode 100644 index 2d271032e9..0000000000 --- a/kubernetes/clamp/requirements.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: certInitializer - version: ~7.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~7.x-0 - repository: '@local' - - name: clamp-mariadb - version: ~7.x-0 - repository: 'file://components/clamp-mariadb' - - name: clamp-backend - version: ~7.x-0 - repository: 'file://components/clamp-backend' - - name: clamp-dash-es - version: ~7.x-0 - repository: 'file://components/clamp-dash-es' - - name: clamp-dash-logstash - version: ~7.x-0 - repository: 'file://components/clamp-dash-logstash' - - name: clamp-dash-kibana - version: ~7.x-0 - repository: 'file://components/clamp-dash-kibana' \ No newline at end of file diff --git a/kubernetes/clamp/resources/config/default.conf b/kubernetes/clamp/resources/config/default.conf deleted file mode 100644 index 3e6fde9d0d..0000000000 --- a/kubernetes/clamp/resources/config/default.conf +++ /dev/null @@ -1,31 +0,0 @@ -server { - - listen 2443 default ssl; - ssl_protocols TLSv1.2; - {{ if .Values.global.aafEnabled }} - ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}}; - ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}}; - {{ else }} - ssl_certificate /etc/ssl/clamp.pem; - ssl_certificate_key /etc/ssl/clamp.key; - {{ end }} - - ssl_verify_client optional_no_ca; - location /restservices/clds/ { - proxy_pass https://clamp-backend:443; - proxy_set_header X-SSL-Cert $ssl_client_escaped_cert; - } - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - try_files $uri $uri/ /index.html; - } - - error_page 500 502 503 504 /50x.html; - - location = /50x.html { - root /usr/share/nginx/html; - } - -} diff --git a/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml b/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml deleted file mode 100644 index 8717e6f33a..0000000000 --- a/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml +++ /dev/null @@ -1,55 +0,0 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -filebeat.prospectors: -#it is mandatory, in our case it's log -- input_type: log - #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. - paths: - - /var/log/onap/*/*/*/*.log - - /var/log/onap/*/*/*.log - - /var/log/onap/*/*.log - #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive - ignore_older: 48h - # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit - clean_inactive: 96h - -# Name of the registry file. If a relative path is used, it is considered relative to the -# data path. Else full qualified file name. -#filebeat.registry_file: ${path.data}/registry - - -output.logstash: - #List of logstash server ip addresses with port number. - #But, in our case, this will be the loadbalancer IP address. - #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. - hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"] - #If enable will do load balancing among availabe Logstash, automatically. - loadbalance: true - - #The list of root certificates for server verifications. - #If certificate_authorities is empty or not set, the trusted - #certificate authorities of the host system are used. - #ssl.certificate_authorities: $ssl.certificate_authorities - - #The path to the certificate for SSL client authentication. If the certificate is not specified, - #client authentication is not available. - #ssl.certificate: $ssl.certificate - - #The client certificate key used for client authentication. - #ssl.key: $ssl.key - - #The passphrase used to decrypt an encrypted key stored in the configured key file - #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/clamp/templates/NOTES.txt b/kubernetes/clamp/templates/NOTES.txt deleted file mode 100644 index e36d6a5bfb..0000000000 --- a/kubernetes/clamp/templates/NOTES.txt +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit https://127.0.0.1:8443 to use your application" - kubectl port-forward $POD_NAME 8443:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/clamp/templates/configmap.yaml b/kubernetes/clamp/templates/configmap.yaml deleted file mode 100644 index 1a5b0ce06a..0000000000 --- a/kubernetes/clamp/templates/configmap.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} - -{{ include "common.log.configMap" . }} diff --git a/kubernetes/clamp/templates/deployment.yaml b/kubernetes/clamp/templates/deployment.yaml deleted file mode 100644 index 51b864b986..0000000000 --- a/kubernetes/clamp/templates/deployment.yaml +++ /dev/null @@ -1,105 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - /app/ready.py - args: - - --container-name - - clamp-backend - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness -{{ include "common.certInitializer.initContainer" . | nindent 6 }} - containers: - # side car containers - {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} - # main container - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - - name: logs - mountPath: {{ .Values.log.path }} - - mountPath: /etc/nginx/conf.d/default.conf - name: {{ include "common.fullname" . }}-config - subPath: default.conf - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - - name: {{ include "common.fullname" . }}-config - configMap: - name: {{ include "common.fullname" . }} - items: - - key: default.conf - path: default.conf - - name: logs - emptyDir: {} - {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/clamp/templates/ingress.yaml b/kubernetes/clamp/templates/ingress.yaml deleted file mode 100644 index 8f87c68f1e..0000000000 --- a/kubernetes/clamp/templates/ingress.yaml +++ /dev/null @@ -1 +0,0 @@ -{{ include "common.ingress" . }} diff --git a/kubernetes/clamp/templates/secrets.yaml b/kubernetes/clamp/templates/secrets.yaml deleted file mode 100644 index 4cf8155f6c..0000000000 --- a/kubernetes/clamp/templates/secrets.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/clamp/templates/service.yaml b/kubernetes/clamp/templates/service.yaml deleted file mode 100644 index 31f4380eb8..0000000000 --- a/kubernetes/clamp/templates/service.yaml +++ /dev/null @@ -1,69 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name2 }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type2 }} - ports: - {{if eq .Values.service.type2 "NodePort" -}} - - port: {{ .Values.service.internalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.config.portName2 }} - {{- else -}} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.config.portName2 }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} \ No newline at end of file diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml deleted file mode 100644 index b2b37d3755..0000000000 --- a/kubernetes/clamp/values.yaml +++ /dev/null @@ -1,183 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2019 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: # global defaults - nodePortPrefix: 302 - centralizedLoggingEnabled: true - #AAF service - aafEnabled: true - -################################################################# -# AAF part -################################################################# -certInitializer: - permission_user: 1000 - permission_group: 999 - addconfig: true - keystoreFile: "org.onap.clamp.p12" - truststoreFile: "org.onap.clamp.trust.jks" - keyFile: "org.onap.clamp.keyfile" - truststoreFileONAP: "truststoreONAPall.jks" - clamp_key: "clamp.key" - clamp_pem: "clamp.pem" - clamp_ca_certs_pem: "clamp-ca-certs.pem" - nameOverride: clamp-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: clamp - fqi: clamp@clamp.onap.org - public_fqdn: clamp.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - aaf_add_config: > - /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; - export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); - cd {{ .Values.credsPath }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; - chmod a+rx *; - -secrets: - - uid: db-root-pass - name: &dbRootPass '{{ include "common.release" . }}-clamp-db-root-pass' - type: password - password: '{{ .Values.db.rootPass }}' - - uid: db-secret - name: &dbUserPass '{{ include "common.release" . }}-clamp-db-user-pass' - type: basicAuth - login: '{{ .Values.db.user }}' - password: '{{ .Values.db.password }}' - -db: - user: clds -# password: sidnnd83K - databaseName: &dbName cldsdb4 -# rootPass: emrys user: testos - -clamp-backend: - db: - userCredsExternalSecret: *dbUserPass - databaseName: *dbName -clamp-mariadb: - db: - rootCredsExternalSecret: *dbRootPass - userCredsExternalSecret: *dbUserPass - databaseName: *dbName - -subChartsOnly: - enabled: true - -flavor: small - -# application image -image: onap/clamp-frontend:5.1.5 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# log configuration -log: - path: /var/log/nginx/ - -################################################################# -# Application configuration defaults. -################################################################# -config: - log: - logstashServiceName: log-ls - logstashPort: 5044 - dataRootDir: /dockerdata-nfs - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 3 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 3 - -service: - type: NodePort - name: clamp-external - portName: clamp-external - internalPort: 2443 - nodePort: 58 - - # as of 20180904 port 58 is reserved for clamp from log/logdemonode - # see https://wiki.onap.org/display/DW/OOM+NodePort+List - - type2: ClusterIP - name2: clamp - portName2: clamp-internal - internalPort2: 2443 - externalPort2: 8443 - -ingress: - enabled: false - service: - - baseaddr: "clamp.api" - name: "clamp" - port: 2443 - config: - ssl: "redirect" - -#resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -resources: - small: - limits: - cpu: 1 - memory: 200Mi - requests: - cpu: 1m - memory: 50Mi - large: - limits: - cpu: 1 - memory: 500Mi - requests: - cpu: 10m - memory: 50Mi - unlimited: {} diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml index 335629d8e2..3e96bdf3ec 100755 --- a/kubernetes/onap/requirements.yaml +++ b/kubernetes/onap/requirements.yaml @@ -39,10 +39,6 @@ dependencies: version: ~7.x-0 repository: '@local' condition: cds.enabled - - name: clamp - version: ~7.x-0 - repository: '@local' - condition: clamp.enabled - name: cli version: ~7.x-0 repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-be/Chart.yaml b/kubernetes/policy/components/policy-clamp-be/Chart.yaml new file mode 100644 index 0000000000..fd48cc2243 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-be/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Policy Clamp Backend +name: policy-clamp-be +version: 7.0.0 diff --git a/kubernetes/policy/components/policy-clamp-be/requirements.yaml b/kubernetes/policy/components/policy-clamp-be/requirements.yaml new file mode 100644 index 0000000000..734166b43d --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-be/requirements.yaml @@ -0,0 +1,22 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: certInitializer + version: ~7.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~7.x-0 + repository: '@local' \ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties new file mode 100644 index 0000000000..17185cc4bb --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties @@ -0,0 +1,71 @@ +{{/* +### +# ============LICENSE_START======================================================= +# ONAP CLAMP +# ================================================================================ +# Copyright (C) 2017-2019 AT&T Intellectual Property. All rights +# reserved. +# ================================================================================ +# Modifications copyright (c) 2019 Nokia +# ================================================================================\ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END============================================ +# =================================================================== +# +### +*/}} +{{- if .Values.global.aafEnabled }} +server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} +server.ssl.key-store-password=${cadi_keystore_password_p12} +server.ssl.key-password=${cadi_key_password} +server.ssl.key-store-type=PKCS12 +server.ssl.key-alias={{ .Values.certInitializer.fqi }} + +# The key file used to decode the key store and trust store password +# If not defined, the key store and trust store password will not be decrypted +clamp.config.keyFile=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keyFile }} + +## Config part for Client certificates +server.ssl.client-auth=want +server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} +server.ssl.trust-store-password=${cadi_truststore_password} +{{- end }} + +#clds datasource connection details +spring.datasource.username=${MYSQL_USER} +spring.datasource.password=${MYSQL_PASSWORD} +spring.datasource.url=jdbc:mariadb:sequential://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyclamp?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3 +spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,default-dictionary-elements + +#The log folder that will be used in logback.xml file +clamp.config.files.sdcController=file:/opt/policy/clamp/sdc-controllers-config.json + +# +# Configuration Settings for Policy Engine Components +clamp.config.policy.api.url=https4://policy-api.{{ include "common.namespace" . }}:6969 +clamp.config.policy.api.userName=healthcheck +clamp.config.policy.api.password=zb!XztG34 +clamp.config.policy.pap.url=https4://policy-pap.{{ include "common.namespace" . }}:6969 +clamp.config.policy.pap.userName=healthcheck +clamp.config.policy.pap.password=zb!XztG34 + +#DCAE Inventory Url Properties +clamp.config.dcae.inventory.url=https4://inventory.{{ include "common.namespace" . }}:8080 +clamp.config.dcae.dispatcher.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443 +#DCAE Deployment Url Properties +clamp.config.dcae.deployment.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443 +clamp.config.dcae.deployment.userName=none +clamp.config.dcae.deployment.password=none + +#AAF related parameters +clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095 diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh b/kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh new file mode 100755 index 0000000000..329479fad2 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh @@ -0,0 +1,19 @@ +#!/bin/sh +{{/* +# Copyright © 2017 Amdocs, Bell Canada, AT&T +# Modifications Copyright © 2018, 2020-2021 AT&T Intellectual Property +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +mysql -h"${MYSQL_HOST}" -P"${MYSQL_PORT}" -u"${MYSQL_USER}" -p"${MYSQL_PASSWORD}" policyclamp < /dbcmd-config/policy-clamp-create-tables.sql diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/log/filebeat/filebeat.yml b/kubernetes/policy/components/policy-clamp-be/resources/config/log/filebeat/filebeat.yml new file mode 100644 index 0000000000..8717e6f33a --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-be/resources/config/log/filebeat/filebeat.yml @@ -0,0 +1,55 @@ +{{/* +# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +filebeat.prospectors: +#it is mandatory, in our case it's log +- input_type: log + #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. + paths: + - /var/log/onap/*/*/*/*.log + - /var/log/onap/*/*/*.log + - /var/log/onap/*/*.log + #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive + ignore_older: 48h + # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit + clean_inactive: 96h + +# Name of the registry file. If a relative path is used, it is considered relative to the +# data path. Else full qualified file name. +#filebeat.registry_file: ${path.data}/registry + + +output.logstash: + #List of logstash server ip addresses with port number. + #But, in our case, this will be the loadbalancer IP address. + #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. + hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"] + #If enable will do load balancing among availabe Logstash, automatically. + loadbalance: true + + #The list of root certificates for server verifications. + #If certificate_authorities is empty or not set, the trusted + #certificate authorities of the host system are used. + #ssl.certificate_authorities: $ssl.certificate_authorities + + #The path to the certificate for SSL client authentication. If the certificate is not specified, + #client authentication is not available. + #ssl.certificate: $ssl.certificate + + #The client certificate key used for client authentication. + #ssl.key: $ssl.key + + #The passphrase used to decrypt an encrypted key stored in the configured key file + #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql b/kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql new file mode 100644 index 0000000000..1f153bce04 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql @@ -0,0 +1,257 @@ + + create table dictionary ( + name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + dictionary_second_level integer, + dictionary_type varchar(255), + primary key (name) + ) engine=InnoDB; + + create table dictionary_elements ( + short_name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + description varchar(255) not null, + name varchar(255) not null, + subdictionary_name varchar(255), + type varchar(255) not null, + primary key (short_name) + ) engine=InnoDB; + + create table dictionary_to_dictionaryelements ( + dictionary_name varchar(255) not null, + dictionary_element_short_name varchar(255) not null, + primary key (dictionary_name, dictionary_element_short_name) + ) engine=InnoDB; + + create table hibernate_sequence ( + next_val bigint + ) engine=InnoDB; + + insert into hibernate_sequence values ( 1 ); + + create table loop_element_models ( + name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + blueprint_yaml MEDIUMTEXT, + dcae_blueprint_id varchar(255), + loop_element_type varchar(255) not null, + short_name varchar(255), + primary key (name) + ) engine=InnoDB; + + create table loop_logs ( + id bigint not null, + log_component varchar(255) not null, + log_instant datetime(6) not null, + log_type varchar(255) not null, + message MEDIUMTEXT not null, + loop_id varchar(255) not null, + primary key (id) + ) engine=InnoDB; + + create table loop_templates ( + name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + allowed_loop_type varchar(255), + blueprint_yaml MEDIUMTEXT, + dcae_blueprint_id varchar(255), + maximum_instances_allowed integer, + svg_representation MEDIUMTEXT, + unique_blueprint boolean default false, + service_uuid varchar(255), + primary key (name) + ) engine=InnoDB; + + create table loopelementmodels_to_policymodels ( + loop_element_name varchar(255) not null, + policy_model_type varchar(255) not null, + policy_model_version varchar(255) not null, + primary key (loop_element_name, policy_model_type, policy_model_version) + ) engine=InnoDB; + + create table loops ( + name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + dcae_deployment_id varchar(255), + dcae_deployment_status_url varchar(255), + global_properties_json json, + last_computed_state varchar(255) not null, + svg_representation MEDIUMTEXT, + loop_template_name varchar(255) not null, + service_uuid varchar(255), + primary key (name) + ) engine=InnoDB; + + create table loops_to_microservicepolicies ( + loop_name varchar(255) not null, + microservicepolicy_name varchar(255) not null, + primary key (loop_name, microservicepolicy_name) + ) engine=InnoDB; + + create table looptemplates_to_loopelementmodels ( + loop_element_model_name varchar(255) not null, + loop_template_name varchar(255) not null, + flow_order integer not null, + primary key (loop_element_model_name, loop_template_name) + ) engine=InnoDB; + + create table micro_service_policies ( + name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + configurations_json json, + json_representation json not null, + pdp_group varchar(255), + pdp_sub_group varchar(255), + context varchar(255), + dcae_blueprint_id varchar(255), + dcae_deployment_id varchar(255), + dcae_deployment_status_url varchar(255), + device_type_scope varchar(255), + shared bit not null, + loop_element_model_id varchar(255), + policy_model_type varchar(255), + policy_model_version varchar(255), + primary key (name) + ) engine=InnoDB; + + create table operational_policies ( + name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + configurations_json json, + json_representation json not null, + pdp_group varchar(255), + pdp_sub_group varchar(255), + loop_element_model_id varchar(255), + policy_model_type varchar(255), + policy_model_version varchar(255), + loop_id varchar(255) not null, + primary key (name) + ) engine=InnoDB; + + create table policy_models ( + policy_model_type varchar(255) not null, + version varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + policy_acronym varchar(255), + policy_tosca MEDIUMTEXT, + policy_pdp_group json, + primary key (policy_model_type, version) + ) engine=InnoDB; + + create table services ( + service_uuid varchar(255) not null, + name varchar(255) not null, + resource_details json, + service_details json, + version varchar(255), + primary key (service_uuid) + ) engine=InnoDB; + + alter table dictionary_to_dictionaryelements + add constraint FK68hjjinnm8nte2owstd0xwp23 + foreign key (dictionary_element_short_name) + references dictionary_elements (short_name); + + alter table dictionary_to_dictionaryelements + add constraint FKtqfxg46gsxwlm2gkl6ne3cxfe + foreign key (dictionary_name) + references dictionary (name); + + alter table loop_logs + add constraint FK1j0cda46aickcaoxqoo34khg2 + foreign key (loop_id) + references loops (name); + + alter table loop_templates + add constraint FKn692dk6281wvp1o95074uacn6 + foreign key (service_uuid) + references services (service_uuid); + + alter table loopelementmodels_to_policymodels + add constraint FK23j2q74v6kaexefy0tdabsnda + foreign key (policy_model_type, policy_model_version) + references policy_models (policy_model_type, version); + + alter table loopelementmodels_to_policymodels + add constraint FKjag1iu0olojfwryfkvb5o0rk5 + foreign key (loop_element_name) + references loop_element_models (name); + + alter table loops + add constraint FK844uwy82wt0l66jljkjqembpj + foreign key (loop_template_name) + references loop_templates (name); + + alter table loops + add constraint FK4b9wnqopxogwek014i1shqw7w + foreign key (service_uuid) + references services (service_uuid); + + alter table loops_to_microservicepolicies + add constraint FKle255jmi7b065fwbvmwbiehtb + foreign key (microservicepolicy_name) + references micro_service_policies (name); + + alter table loops_to_microservicepolicies + add constraint FK8avfqaf7xl71l7sn7a5eri68d + foreign key (loop_name) + references loops (name); + + alter table looptemplates_to_loopelementmodels + add constraint FK1k7nbrbugvqa0xfxkq3cj1yn9 + foreign key (loop_element_model_name) + references loop_element_models (name); + + alter table looptemplates_to_loopelementmodels + add constraint FKj29yxyw0x7ue6mwgi6d3qg748 + foreign key (loop_template_name) + references loop_templates (name); + + alter table micro_service_policies + add constraint FKqvvdypacbww07fuv8xvlvdjgl + foreign key (loop_element_model_id) + references loop_element_models (name); + + alter table micro_service_policies + add constraint FKn17j9ufmyhqicb6cvr1dbjvkt + foreign key (policy_model_type, policy_model_version) + references policy_models (policy_model_type, version); + + alter table operational_policies + add constraint FKi9kh7my40737xeuaye9xwbnko + foreign key (loop_element_model_id) + references loop_element_models (name); + + alter table operational_policies + add constraint FKlsyhfkoqvkwj78ofepxhoctip + foreign key (policy_model_type, policy_model_version) + references policy_models (policy_model_type, version); + + alter table operational_policies + add constraint FK1ddoggk9ni2bnqighv6ecmuwu + foreign key (loop_id) + references loops (name); diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json b/kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json new file mode 100644 index 0000000000..3adda95c11 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json @@ -0,0 +1,18 @@ +{ + "sdc-connections":{ + "sdc-controller":{ + "user": "clamp", + "consumerGroup": "clamp", + "consumerId": "clamp", + "environmentName": "AUTO", + "sdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443", + "password": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981", + "pollingInterval":30, + "pollingTimeout":30, + "activateServerTLSAuth":"false", + "keyStorePassword":"", + "keyStorePath":"", + "messageBusAddresses":["message-router.{{ include "common.namespace" . }}"] + } + } +} diff --git a/kubernetes/policy/components/policy-clamp-be/templates/NOTES.txt b/kubernetes/policy/components/policy-clamp-be/templates/NOTES.txt new file mode 100644 index 0000000000..e36d6a5bfb --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-be/templates/NOTES.txt @@ -0,0 +1,32 @@ +# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit https://127.0.0.1:8443 to use your application" + kubectl port-forward $POD_NAME 8443:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/policy/components/policy-clamp-be/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-be/templates/configmap.yaml new file mode 100644 index 0000000000..aeadc37bd4 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-be/templates/configmap.yaml @@ -0,0 +1,31 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} + +{{ include "common.log.configMap" . }} diff --git a/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml new file mode 100644 index 0000000000..1120f9b2b6 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml @@ -0,0 +1,126 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + initContainers: + - command: + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-policy-clamp-galera-config + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness +{{ include "common.certInitializer.initContainer" . | indent 6 }} + containers: + # side car containers + {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} + # main container + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + workingDir: "/opt/policy/clamp/" + args: + - -c + - | + {{- if .Values.global.aafEnabled }} + export $(grep '^cadi_' {{ .Values.certInitializer.credsPath }}/org.onap.clamp.cred.props | xargs -0) + {{- end }} + java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./policy-clamp-backend.jar + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + - name: logs + mountPath: {{ .Values.log.path }} + - mountPath: /opt/policy/clamp/sdc-controllers-config.json + name: {{ include "common.fullname" . }}-config + subPath: sdc-controllers-config.json + - mountPath: /opt/policy/clamp/application.properties + name: {{ include "common.fullname" . }}-config + subPath: application.properties + env: + - name: MYSQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }} + - name: MYSQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }} + {{- if ne "unlimited" (include "common.flavor" .) }} + - name: JAVA_RAM_CONFIGURATION + value: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=75 + {{- end }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} + {{- end }} + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-configmap + items: + - key: sdc-controllers-config.json + path: sdc-controllers-config.json + - key: application.properties + path: application.properties + - name: logs + emptyDir: {} + {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/components/policy-clamp-be/templates/job.yaml b/kubernetes/policy/components/policy-clamp-be/templates/job.yaml new file mode 100755 index 0000000000..c5c968a2e1 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-be/templates/job.yaml @@ -0,0 +1,84 @@ +{{/* +# Copyright © 2018 Amdocs, Bell Canada +# Modifications Copyright © 2020-2021 AT&T Intellectual Property +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.release" . }}-policy-clamp-galera-config + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-policy-clamp-job + release: {{ include "common.release" . }} +spec: + template: + metadata: + labels: + app: {{ include "common.name" . }}-policy-clamp-job + release: {{ include "common.release" . }} + spec: + initContainers: +#This container checks that all galera instances are up before initializing it. + - name: {{ include "common.name" . }}-readiness + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /app/ready.py + - --job-name + - {{ include "common.release" . }}-policy-galera-config + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + containers: + - name: {{ include "common.release" . }}-policy-clamp-galera-config + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.db.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /dbcmd-config/create-db-tables.sh + name: {{ include "common.fullname" . }}-config + subPath: create-db-tables.sh + - mountPath: /dbcmd-config/policy-clamp-create-tables.sql + name: {{ include "common.fullname" . }}-config + subPath: policy-clamp-create-tables.sql + command: + - /bin/sh + args: + - -x + - /dbcmd-config/create-db-tables.sh + env: + - name: MYSQL_HOST + value: "{{ .Values.db.service.name }}" + - name: MYSQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 10 }} + - name: MYSQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 10 }} + - name: MYSQL_PORT + value: "{{ .Values.db.service.internalPort }}" + resources: +{{ include "common.resources" . }} + restartPolicy: Never + volumes: + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-configmap + items: + - key: create-db-tables.sh + path: create-db-tables.sh + - key: policy-clamp-create-tables.sql + path: policy-clamp-create-tables.sql diff --git a/kubernetes/policy/components/policy-clamp-be/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-be/templates/secrets.yaml new file mode 100644 index 0000000000..4cf8155f6c --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-be/templates/secrets.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/components/policy-clamp-be/templates/service.yaml b/kubernetes/policy/components/policy-clamp-be/templates/service.yaml new file mode 100644 index 0000000000..c01d36a53d --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-be/templates/service.yaml @@ -0,0 +1,42 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} diff --git a/kubernetes/policy/components/policy-clamp-be/values.yaml b/kubernetes/policy/components/policy-clamp-be/values.yaml new file mode 100644 index 0000000000..1446ac42b6 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-be/values.yaml @@ -0,0 +1,154 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018-2019 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: # global defaults + nodePortPrefix: 302 + persistence: {} + centralizedLoggingEnabled: true + #AAF service + aafEnabled: true + +################################################################# +# AAF part +################################################################# +certInitializer: + permission_user: 1000 + permission_group: 999 + keystoreFile: 'org.onap.clamp.p12' + truststoreFile: 'org.onap.clamp.trust.jks' + keyFile: 'org.onap.clamp.keyfile' + truststoreFileONAP: 'truststoreONAPall.jks' + nameOverride: clamp-backend-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: clamp + fqi: clamp@clamp.onap.org + public_fqdn: clamp.onap.org + cadi_longitude: '-72.0' + cadi_latitude: '38.0' + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; + grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_truststore_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_truststore_password.pwd; + grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_key_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_key_password.pwd; + grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_keystore_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_keystore_password.pwd; + grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_keystore_password_p12=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_keystore_password_p12.pwd; + cd {{ .Values.credsPath }}; + chmod a+rx *; + +secrets: + - uid: db-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + passwordPolicy: required + +flavor: small + +# application image +image: onap/policy-clamp-backend:6.0.0 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# log configuration +log: + path: /var/log/onap + +################################################################# +# Application configuration defaults. +################################################################# + +#####dummy values for db user and password to pass lint!!!####### + +db: + user: policy_user + password: policy_user + image: mariadb:10.5.8 + service: + name: policy-mariadb + internalPort: 3306 + +config: + log: + logstashServiceName: log-ls + logstashPort: 5044 + mysqlPassword: strong_pitchou + dataRootDir: /dockerdata-nfs + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 3 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 3 + +service: + type: ClusterIP + name: policy-clamp-be + portName: policy-clamp-be + internalPort: 8443 + externalPort: 8443 + +ingress: + enabled: false + +#resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# +# Example: +# Configure resource requests and limits +# ref: http://kubernetes.io/docs/user-guide/compute-resources/ +# Minimum memory for development is 2 CPU cores and 4GB memory +# Minimum memory for production is 4 CPU cores and 8GB memory +resources: + small: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 1m + memory: 1Gi + large: + limits: + cpu: 1 + memory: 3Gi + requests: + cpu: 10m + memory: 3Gi + unlimited: {} diff --git a/kubernetes/policy/components/policy-clamp-fe/Chart.yaml b/kubernetes/policy/components/policy-clamp-fe/Chart.yaml new file mode 100644 index 0000000000..331ba86995 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-fe/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Policy Clamp Frontend +name: policy-clamp-fe +version: 7.0.0 diff --git a/kubernetes/policy/components/policy-clamp-fe/requirements.yaml b/kubernetes/policy/components/policy-clamp-fe/requirements.yaml new file mode 100644 index 0000000000..734166b43d --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-fe/requirements.yaml @@ -0,0 +1,22 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: certInitializer + version: ~7.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~7.x-0 + repository: '@local' \ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-fe/resources/config/default.conf b/kubernetes/policy/components/policy-clamp-fe/resources/config/default.conf new file mode 100644 index 0000000000..4cab734074 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-fe/resources/config/default.conf @@ -0,0 +1,31 @@ +server { + + listen 2443 default ssl; + ssl_protocols TLSv1.2; + {{ if .Values.global.aafEnabled }} + ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}}; + ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}}; + {{ else }} + ssl_certificate /etc/ssl/clamp.pem; + ssl_certificate_key /etc/ssl/clamp.key; + {{ end }} + + ssl_verify_client optional_no_ca; + location /restservices/clds/ { + proxy_pass https://policy-clamp-be:8443; + proxy_set_header X-SSL-Cert $ssl_client_escaped_cert; + } + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + try_files $uri $uri/ /index.html; + } + + error_page 500 502 503 504 /50x.html; + + location = /50x.html { + root /usr/share/nginx/html; + } + +} diff --git a/kubernetes/policy/components/policy-clamp-fe/resources/config/log/filebeat/filebeat.yml b/kubernetes/policy/components/policy-clamp-fe/resources/config/log/filebeat/filebeat.yml new file mode 100644 index 0000000000..8717e6f33a --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-fe/resources/config/log/filebeat/filebeat.yml @@ -0,0 +1,55 @@ +{{/* +# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +filebeat.prospectors: +#it is mandatory, in our case it's log +- input_type: log + #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. + paths: + - /var/log/onap/*/*/*/*.log + - /var/log/onap/*/*/*.log + - /var/log/onap/*/*.log + #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive + ignore_older: 48h + # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit + clean_inactive: 96h + +# Name of the registry file. If a relative path is used, it is considered relative to the +# data path. Else full qualified file name. +#filebeat.registry_file: ${path.data}/registry + + +output.logstash: + #List of logstash server ip addresses with port number. + #But, in our case, this will be the loadbalancer IP address. + #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. + hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"] + #If enable will do load balancing among availabe Logstash, automatically. + loadbalance: true + + #The list of root certificates for server verifications. + #If certificate_authorities is empty or not set, the trusted + #certificate authorities of the host system are used. + #ssl.certificate_authorities: $ssl.certificate_authorities + + #The path to the certificate for SSL client authentication. If the certificate is not specified, + #client authentication is not available. + #ssl.certificate: $ssl.certificate + + #The client certificate key used for client authentication. + #ssl.key: $ssl.key + + #The passphrase used to decrypt an encrypted key stored in the configured key file + #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/policy/components/policy-clamp-fe/templates/NOTES.txt b/kubernetes/policy/components/policy-clamp-fe/templates/NOTES.txt new file mode 100644 index 0000000000..e36d6a5bfb --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-fe/templates/NOTES.txt @@ -0,0 +1,32 @@ +# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit https://127.0.0.1:8443 to use your application" + kubectl port-forward $POD_NAME 8443:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/policy/components/policy-clamp-fe/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/configmap.yaml new file mode 100644 index 0000000000..1a5b0ce06a --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-fe/templates/configmap.yaml @@ -0,0 +1,31 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} + +{{ include "common.log.configMap" . }} diff --git a/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml new file mode 100644 index 0000000000..97c7919389 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml @@ -0,0 +1,105 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + initContainers: + - command: + - /app/ready.py + args: + - --container-name + - policy-clamp-be + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness +{{ include "common.certInitializer.initContainer" . | nindent 6 }} + containers: + # side car containers + {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} + # main container + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + - name: logs + mountPath: {{ .Values.log.path }} + - mountPath: /etc/nginx/conf.d/default.conf + name: {{ include "common.fullname" . }}-config + subPath: default.conf + resources: +{{ include "common.resources" . | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }} + items: + - key: default.conf + path: default.conf + - name: logs + emptyDir: {} + {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/components/policy-clamp-fe/templates/ingress.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/ingress.yaml new file mode 100644 index 0000000000..8f87c68f1e --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-fe/templates/ingress.yaml @@ -0,0 +1 @@ +{{ include "common.ingress" . }} diff --git a/kubernetes/policy/components/policy-clamp-fe/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/secrets.yaml new file mode 100644 index 0000000000..4cf8155f6c --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-fe/templates/secrets.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/components/policy-clamp-fe/templates/service.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/service.yaml new file mode 100644 index 0000000000..b4549ba099 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-fe/templates/service.yaml @@ -0,0 +1,43 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.service.name }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} +--- diff --git a/kubernetes/policy/components/policy-clamp-fe/values.yaml b/kubernetes/policy/components/policy-clamp-fe/values.yaml new file mode 100644 index 0000000000..91a096d1b2 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-fe/values.yaml @@ -0,0 +1,150 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018-2019 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: # global defaults + nodePortPrefix: 302 + centralizedLoggingEnabled: true + #AAF service + aafEnabled: true + +################################################################# +# AAF part +################################################################# +certInitializer: + permission_user: 1000 + permission_group: 999 + addconfig: true + keystoreFile: "org.onap.clamp.p12" + truststoreFile: "org.onap.clamp.trust.jks" + keyFile: "org.onap.clamp.keyfile" + truststoreFileONAP: "truststoreONAPall.jks" + clamp_key: "clamp.key" + clamp_pem: "clamp.pem" + clamp_ca_certs_pem: "clamp-ca-certs.pem" + nameOverride: clamp-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: clamp + fqi: clamp@clamp.onap.org + public_fqdn: clamp.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; + export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); + cd {{ .Values.credsPath }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; + chmod a+rx *; + +subChartsOnly: + enabled: true + +flavor: small + +# application image +image: onap/policy-clamp-frontend:6.0.0 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# log configuration +log: + path: /var/log/nginx/ + +################################################################# +# Application configuration defaults. +################################################################# +config: + log: + logstashServiceName: log-ls + logstashPort: 5044 + dataRootDir: /dockerdata-nfs + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 3 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 3 + +service: + type: NodePort + name: policy-clamp-fe + portName: policy-clamp-fe + internalPort: 2443 + nodePort: 58 + + # as of 20180904 port 58 is reserved for clamp from log/logdemonode + # see https://wiki.onap.org/display/DW/OOM+NodePort+List + +ingress: + enabled: false + service: + - baseaddr: "clamp.api" + name: "clamp" + port: 2443 + config: + ssl: "redirect" + +#resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # Example: + # Configure resource requests and limits + # ref: http://kubernetes.io/docs/user-guide/compute-resources/ + # Minimum memory for development is 2 CPU cores and 4GB memory + # Minimum memory for production is 4 CPU cores and 8GB memory +resources: + small: + limits: + cpu: 1 + memory: 200Mi + requests: + cpu: 1m + memory: 50Mi + large: + limits: + cpu: 1 + memory: 500Mi + requests: + cpu: 10m + memory: 50Mi + unlimited: {} diff --git a/kubernetes/policy/requirements.yaml b/kubernetes/policy/requirements.yaml index b2f2b7430a..22e3dfad18 100755 --- a/kubernetes/policy/requirements.yaml +++ b/kubernetes/policy/requirements.yaml @@ -48,6 +48,14 @@ dependencies: version: ~7.x-0 repository: 'file://components/policy-distribution' condition: policy-distribution.enabled + - name: policy-clamp-be + version: ~7.x-0 + repository: 'file://components/policy-clamp-be' + condition: policy-clamp-be.enabled + - name: policy-clamp-fe + version: ~7.x-0 + repository: 'file://components/policy-clamp-fe' + condition: policy-clamp-fe.enabled - name: repositoryGenerator version: ~7.x-0 repository: '@local' diff --git a/kubernetes/policy/resources/config/db.sh b/kubernetes/policy/resources/config/db.sh index 0d7ce07c9b..90c987984f 100755 --- a/kubernetes/policy/resources/config/db.sh +++ b/kubernetes/policy/resources/config/db.sh @@ -18,7 +18,7 @@ mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; }; -for db in support onap_sdk log migration operationshistory10 pooling policyadmin operationshistory +for db in support onap_sdk log migration operationshistory10 pooling policyadmin policyclamp operationshistory do mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};" mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;" diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index d09895484c..678772c481 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -66,6 +66,11 @@ policy-drools-pdp: policy-distribution: enabled: true db: *dbSecretsHook +policy-clamp-be: + enabled: true + db: *dbSecretsHook +policy-clamp-fe: + enabled: true policy-nexus: enabled: false diff --git a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py index ef12c9a848..50117bd359 100644 --- a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py +++ b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py @@ -20,7 +20,7 @@ GLOBAL_INJECTED_APPC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . GLOBAL_INJECTED_APPC_CDT_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "appc-cdt") }}' GLOBAL_INJECTED_ARTIFACTS_VERSION = '{{.Values.demoArtifactsVersion}}' GLOBAL_INJECTED_ARTIFACTS_REPO_URL = "{{ .Values.demoArtifactsRepoUrl }}" -GLOBAL_INJECTED_CLAMP_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "clamp") }}' +GLOBAL_INJECTED_CLAMP_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "policy-clamp-fe") }}' GLOBAL_INJECTED_CLI_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "cli") }}' GLOBAL_INJECTED_CLOUD_ENV = 'openstack' GLOBAL_INJECTED_DCAE_COLLECTOR_IP = "{{ .Values.dcaeCollectorIp }}" @@ -152,7 +152,7 @@ GLOBAL_SDC_PASSWORD = "boop" GLOBAL_SDC_AUTHENTICATION = [GLOBAL_SDC_USERNAME, GLOBAL_SDC_PASSWORD] # clamp info - everything is from the private oam network (also called onap private network) GLOBAL_CLAMP_SERVER_PROTOCOL = "https" -GLOBAL_CLAMP_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "clamp" "port" 8443) }}' +GLOBAL_CLAMP_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "policy-clamp-fe" "port" 2443) }}' # nbi info - everything is from the private oam network (also called onap private network) GLOBAL_NBI_SERVER_PROTOCOL = "https" GLOBAL_NBI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "nbi" "port" 8443) }}' -- cgit 1.2.3-korg